Date: Mon, 05 Aug 2002 08:45:07 -0400 (EDT) From: John Baldwin <jhb@FreeBSD.org> To: new-bus@FreeBSD.org Subject: buffer overflow in devclass_add_device()... Message-ID: <XFMail.20020805084507.jhb@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Just in case you all didn't know this already, in the case of an unwired device (dev->unit == -1) devclass_add_device() malloc's a string assuming the unit count is 2 chars wide. If we get a unit >= 100, then we will overflow the buffer. Probably we should just malloc the nameunit buffer after we do the devclass_alloc_unit(). -- John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-new-bus" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20020805084507.jhb>