upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-19 02:30:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/usr.sbin/fwcontrol
History
John Baldwin ec2aaa9c70 fwcontrol: Allocate full fw_asyreq structures passed to the kernel 
The FW_ASYREQ ioctl accepts a struct fw_asyreq object as its argument,
meaning that the kernel always copies in the full structure in
sys_ioctl before passing the request down to the driver.  However,
fwcontrol was allocating smaller objects that contained only the
request header and a variable-sized payload.  This means that the
kernel copy in sys_ioctl was reading off the end of this buffer.  On
current architectures this happened to be ok, but it is UB.

Instead, allocate a full structure.

Reported by:	GCC 14 -Walloc-size
Reviewed by:	rlibby, brooks
Differential Revision:	https://reviews.freebsd.org/D46014

(cherry picked from commit 9494dfe1b3faf5c48abaa9be4ec87e4669963942)
2024-11-30 08:55:58 -05:00
..
fwcontrol.8 Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
fwcontrol.c fwcontrol: Allocate full fw_asyreq structures passed to the kernel 2024-11-30 08:55:58 -05:00
fwdv.c Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
fwmethods.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
fwmpegts.c Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
Makefile Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.depend Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00