Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/net Fix buffer overflow, detected by kASan.
details: https://anonhg.NetBSD.org/src/rev/88fb8dae5606
branches: trunk
changeset: 364988:88fb8dae5606
user: maxv <maxv%NetBSD.org@localhost>
date: Fri Aug 31 15:15:23 2018 +0000
description:
Fix buffer overflow, detected by kASan.
ifconfig gif0 create
ifconfig gif0 up
[ 50.682919] kASan: Unauthorized Access In 0xffffffff80f22655: Addr 0xffffffff81b997a0 [8 bytes, read]
[ 50.682919] #0 0xffffffff8021ce6a in kasan_memcpy <netbsd>
[ 50.692999] #1 0xffffffff80f22655 in m_copyback_internal <netbsd>
[ 50.692999] #2 0xffffffff80f22e81 in m_copyback <netbsd>
[ 50.692999] #3 0xffffffff8103109a in rt_msg1 <netbsd>
[ 50.692999] #4 0xffffffff8159109a in compat_70_rt_newaddrmsg1 <netbsd>
[ 50.692999] #5 0xffffffff81031b0f in rt_newaddrmsg <netbsd>
[ 50.692999] #6 0xffffffff8102c35e in rt_ifa_addlocal <netbsd>
[ 50.692999] #7 0xffffffff80a5287c in in6_update_ifa1 <netbsd>
[ 50.692999] #8 0xffffffff80a54149 in in6_update_ifa <netbsd>
[ 50.692999] #9 0xffffffff80a59176 in in6_ifattach <netbsd>
[ 50.692999] #10 0xffffffff80a56dd4 in in6_if_up <netbsd>
[ 50.692999] #11 0xffffffff80fc5cb8 in if_up_locked <netbsd>
[ 50.703622] #12 0xffffffff80fcc4c1 in ifioctl_common <netbsd>
[ 50.703622] #13 0xffffffff80fde694 in gif_ioctl <netbsd>
[ 50.703622] #14 0xffffffff80fcdb1f in doifioctl <netbsd>
diffstat:
sys/net/rtsock.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diffs (32 lines):
diff -r c86a052fc52b -r 88fb8dae5606 sys/net/rtsock.c
--- a/sys/net/rtsock.c Fri Aug 31 14:16:06 2018 +0000
+++ b/sys/net/rtsock.c Fri Aug 31 15:15:23 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rtsock.c,v 1.241 2018/04/25 03:49:57 ozaki-r Exp $ */
+/* $NetBSD: rtsock.c,v 1.242 2018/08/31 15:15:23 maxv Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.241 2018/04/25 03:49:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.242 2018/08/31 15:15:23 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1221,11 +1221,11 @@
m_copyback(m, len, sa->sa_len, sa);
if (dlen != sa->sa_len) {
/*
- * Up to 6 + 1 nul's since roundup is to
+ * Up to 7 + 1 nul's since roundup is to
* sizeof(uint64_t) (8 bytes)
*/
m_copyback(m, len + sa->sa_len,
- dlen - sa->sa_len, "\0\0\0\0\0\0");
+ dlen - sa->sa_len, "\0\0\0\0\0\0\0");
}
len += dlen;
}
Home |
Main Index |
Thread Index |
Old Index