]>
CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
hpt27xx: plug info leak in hpt_ioctl
The hpt27xx ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.
Also zero bytesReturned in case it is not written by hpt_do_ioctl().
The hpt27xx device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.
Reported by: Ilja van Sprundel <ivansprundel@ioactive.com>
Submitted by: Domagoj Stolfa <domagoj.stolfa@gmail.com> (M_ZERO)
Reviewed by: jhb, kib
MFC after: 3 days
Security: info leak in root-only ioctl
Sponsored by: The FreeBSD Foundation
projects / FreeBSD / FreeBSD.git / commit