CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

projects / FreeBSD / FreeBSD.git / commit

author	jrtc27 <jrtc27@FreeBSD.org>
	Thu, 15 Oct 2020 18:03:14 +0000 (18:03 +0000)
committer	jrtc27 <jrtc27@FreeBSD.org>
	Thu, 15 Oct 2020 18:03:14 +0000 (18:03 +0000)
commit	9cd6dd60d6e0e5e5a06b2e4b7d21799c82d19c77
tree	7039bb5b6f2bc251e8819b52bf98c1821df40de0	tree \| snapshot
parent	1b7f0c4866a1b465e2e1e994b323646ec6768d72	commit \| diff

kldxref: Avoid buffer overflows in parse_pnp_list

We convert a string like "W32:vendor/device" into "I:vendor;I:device",
where the output is longer than the input, but only allocate space equal
to the length of the input, leading to a buffer overflow.

Instead use open_memstream so we get a safe dynamically-grown buffer.

Found by: CHERI
Reviewed by: imp, jhb (mentor)
Approved by: imp, jhb (mentor)
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D26637

usr.sbin/kldxref/kldxref.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom