opnsense-src/sys/netsmb
Conrad Meyer 51bcc337dd netsmb: Fix buggy/racy smb_strdupin()
smb_strdupin() tried to roll a copyin() based strlen to allocate a buffer
and then blindly copyin that size.  Of course, a malicious user program
could simultaneously manipulate the buffer, resulting in a non-terminated
string being copied.

Later assumptions in the code rely upon the string being nul-terminated.

Just use copyinstr() and drop the racy sizing.

PR:		222687
Reported by:	Meng Xu <meng.xu AT gatech.edu>
Security:	possible local DoS
Sponsored by:	Dell EMC Isilon
2017-09-29 15:53:26 +00:00
netbios.h Remove IPX support. 2014-03-14 02:58:48 +00:00
smb.h Switch to our preferred 2-clause BSD license. 2010-04-07 16:50:38 +00:00
smb_conn.c The problem report was for a crash that happened when smbfs was 2015-11-18 23:04:01 +00:00
smb_conn.h Overhaul locking in netsmb, getting rid of the obsolete lockmgr() primitive. 2013-05-04 14:18:10 +00:00
smb_crypt.c
smb_dev.c Update kernel inclusions of capability.h to use capsicum.h instead; some 2014-03-16 10:55:57 +00:00
smb_dev.h Completely rewrite the interface to smbdev switching from dev_clone 2013-05-04 14:03:18 +00:00
smb_iod.c The problem report was for a crash that happened when smbfs was 2015-11-18 23:04:01 +00:00
smb_rq.c Mechanically substitute flags from historic mbuf allocator with 2012-12-05 08:04:20 +00:00
smb_rq.h Switch to our preferred 2-clause BSD license. 2010-04-07 16:50:38 +00:00
smb_smb.c Remove unused SMB_DIALECT_MAX macro. 2016-04-20 21:13:24 +00:00
smb_subr.c netsmb: Fix buggy/racy smb_strdupin() 2017-09-29 15:53:26 +00:00
smb_subr.h Change some variables from int to size_t. This is more accurate since 2011-01-08 23:06:54 +00:00
smb_tran.h Switch to our preferred 2-clause BSD license. 2010-04-07 16:50:38 +00:00
smb_trantcp.c Catch up with sb_timeo type change in r255138. This fixes 2013-11-08 08:44:09 +00:00
smb_trantcp.h Switch to our preferred 2-clause BSD license. 2010-04-07 16:50:38 +00:00
smb_usr.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00