Date: Thu, 09 Feb 2017 13:49:12 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 216939] A buffer underflow in the ZFS implementation of vop_vptocnp VFS method Message-ID: <bug-216939-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D216939 Bug ID: 216939 Summary: A buffer underflow in the ZFS implementation of vop_vptocnp VFS method Product: Base System Version: 10.3-STABLE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: fbsd@any.com.ru Created attachment 179795 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D179795&action= =3Dedit This patch adds check for remaining buffer space. ENOMEM will be returned w= hen buffer too small. ZFS implementation the vop_vptocnp VFS method doesn't check for remaining buffer space. So some memory before the begin of buffer may be overwritten. Also negative buffer length may be returned. This affects at least kern___getcwd function on 64-bit platforms. Buffer length in vn_fullpath1 u= sed by kern___getcwd have declared as unsigned int, so '/' char may be written = far beyond the end of the buffer. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216939-8>