Date:      Wed, 20 Feb 2019 10:49:29 -0500
From:      Mark Johnston <markj@freebsd.org>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r344305 - head/sys/geom
Message-ID:  <20190220154929.GA6605@raichu>
In-Reply-To: <002a35c7-3dda-05e5-7768-3e1606871018@grosbein.net>
References:  <201902192122.x1JLMMPM012400@repo.freebsd.org> <002a35c7-3dda-05e5-7768-3e1606871018@grosbein.net>

On Wed, Feb 20, 2019 at 09:40:45PM +0700, Eugene Grosbein wrote:
> 20.02.2019 4:22, Mark Johnston wrote:
> 
> > Author: markj
> > Date: Tue Feb 19 21:22:22 2019
> > New Revision: 344305
> > URL: https://svnweb.freebsd.org/changeset/base/344305
> > 
> > Log:
> >   Impose a limit on the number of GEOM_CTL arguments.
> >   
> >   Otherwise a privileged user can trigger a memory allocation of
> >   unbounded size, or an integer overflow in the subsequent
> >   geom_alloc_copyin() call, leading to out-of-bounds accesses.
> >   
> >   Hard-code a large limit to circumvent this problem.
> >   
> >   admbug:		854
> >   Reported by:	Anonymous of the Shellphish Grill Team
> >   Reviewed by:	ae
> >   MFC after:	1 week
> >   Sponsored by:	The FreeBSD Foundation
> >   Differential Revision:	https://reviews.freebsd.org/D19251
> > 
> > Modified:
> >   head/sys/geom/geom_ctl.c
> > 
> > Modified: head/sys/geom/geom_ctl.c
> > ==============================================================================
> > --- head/sys/geom/geom_ctl.c	Tue Feb 19 21:20:50 2019	(r344304)
> > +++ head/sys/geom/geom_ctl.c	Tue Feb 19 21:22:22 2019	(r344305)
> > @@ -139,6 +139,12 @@ gctl_copyin(struct gctl_req *req)
> >  	char *p;
> >  	u_int i;
> >  
> > +	if (req->narg > 2048) {
> > +		gctl_error(req, "too many arguments");
> > +		req->arg = NULL;
> > +		return;
> > +	}
> > +
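Review bot: The bound in `if (req->narg > 2048)` is a bare literal with no comment saying what it protects. A named constant, plus a one-line comment tying the limit to the allocation size handed to the subsequent geom_alloc_copyin() call described in the log, would let a later reader see why the check has to come before the copyin and why the value must not be raised casually. The error text "too many arguments" could also state the limit, so that a caller hitting it can tell a rejected request from a malformed one.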
> 
> Could you replace magic constant 2048 with #define symbol, please?
> Something like GEOM_ARG_MAX in sys/sys/limits.h or similar.

Sure.  Here is the proposed diff: https://reviews.freebsd.org/D19271
