Date: Thu, 9 Apr 2020 09:21:03 -0500 From: Kyle Evans <kevans@freebsd.org> To: Enji Cooper <yaneurabeya@gmail.com> Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org> Subject: Re: svn commit: r359689 - head/usr.sbin/config Message-ID: <CACNAnaF3YiPNqDh=n8S6A7WVz0YHhgTkQnrqUhFmnk_xwbjPng@mail.gmail.com> In-Reply-To: <8AAE567D-BEC5-4AF1-B290-D4EA833ED96A@gmail.com> References: <202004071414.037EEx5Q057793@repo.freebsd.org> <8AAE567D-BEC5-4AF1-B290-D4EA833ED96A@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 8, 2020 at 1:28 PM Enji Cooper <yaneurabeya@gmail.com> wrote: > > > > On Apr 7, 2020, at 7:14 AM, Kyle Evans <kevans@FreeBSD.org> wrote: > > > > Author: kevans > > Date: Tue Apr 7 14:14:59 2020 > > New Revision: 359689 > > URL: https://svnweb.freebsd.org/changeset/base/359689 > > > > Log: > > config(8): "fix" a couple of buffer overflows > > > > Recently added/changed lines in various kernel configs have caused some > > buffer overflows that went undetected. These were detected with a config > > built using -fno-common as these line buffers smashed one of our arrays, > > then further triaged with ASAN. > > > > Double the sizes; this is really not a great fix, but addresses the > > immediate need until someone rewrites config. While here, add some bounds > > checking so that we don't need to detect this by random bus errors or other > > weird failures. > > Good catch! This seems like it deserves a follow up PR in Bugzilla. I waffled a bit, then came to my senses and created one[0], as this really does need an actual fix or for someone to be motivated to rewrite config(8). [0] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245476
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACNAnaF3YiPNqDh=n8S6A7WVz0YHhgTkQnrqUhFmnk_xwbjPng>