CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit

MFC r331981:

Limit glyph count in vtfont_load to avoid integer overflow.

Invalid font data passed to PIO_VFONT can result in an integer overflow
in glyphsize.  Characters may then be drawn on the console using glyph
map entries that point beyond the end of allocated glyph memory,
resulting in a kernel memory disclosure.

Submitted by:   emaste
Reported by:    Dr. Silvio Cesare of InfoSect
Security:       CVE-2018-6917
Security:       FreeBSD-SA-18:04.vt
Sponsored by:   The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/stable/10@331983 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

author	gordon <gordon@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Wed, 4 Apr 2018 05:26:33 +0000 (05:26 +0000)
committer	gordon <gordon@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Wed, 4 Apr 2018 05:26:33 +0000 (05:26 +0000)
commit	44c975e709452652f2cab751dfa637ab5ff43d29
tree	fac2e246a186c5fd075a9174955efd7078314e39	tree \| snapshot
parent	6c77ca8747e805a663ec5718ef0b5046a26b2733	commit \| diff