netmap: Fix TOCTOU vulnerability in nmreq_copyin
The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.
Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Security: CVE-2022-23084
MFC after: 3 days
(cherry picked from commit
393729916564ed13f966e09129a24e6931898d12)
(cherry picked from commit
6fa8af618475024262fc99b0f0e6c2aa0e1340fe)
Approved by: so
Security: FreeBSD-SA-22:04.netmap
projects / FreeBSD / FreeBSD.git / commit