upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 16:50:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

bhyve: validate corb->wp to avoid infinite loop

Browse source 
Guests must set HDAC_CORBWP less than corb->size.  Treat invalid values
as an error rather than entering an infinite loop.

Reported by:	Synacktiv
Reviewed by:	markj
Security:	HYP-12
Sponsored by:	The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46134
This commit is contained in:
Ed Maste 2024-09-19 14:57:42 -04:00
parent 4004e1752e
commit a305f44d14
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
usr.sbin/bhyve/pci_hda.c
View file

@ -788,6 +788,11 @@ hda_corb_run(struct hda_softc *sc)
int err;
corb->wp = hda_get_reg_by_offset(sc, HDAC_CORBWP);
if (corb->wp >= corb->size) {
DPRINTF("Invalid HDAC_CORBWP %u >= size %u", corb->wp,
corb->size);
return (-1);
}
while (corb->rp != corb->wp && corb->run) {
corb->rp++;