opnsense-src

mirror of https://github.com/opnsense/src.git synced 2026-06-10 09:11:07 -04:00

History

Mariusz Zaborski 7b7e6d7376 libnv: fix heap overflow in nvlist_recv() nvlist_check_header() validated nvlh_size for overflow before performing conversion. An mallicous user can set NV_FLAG_BIG_ENDIAN in the header and craft nvlh_size so that the orginall value passes the check, but after the conversion the sizeof(nvlist_header) + size can overflow. This can lead to a heap buffer overflow. Approved by: so Security: FreeBSD-SA-26:17.libnv Security: CVE-2026-35547 Fixes: `36fa90dbde` Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D56342		2026-04-29 22:15:06 +02:00
..
tests	libnv: fix heap overflow in nvlist_recv()	2026-04-29 22:15:06 +02:00
common_impl.h	Remove "All Rights Reserved" from FreeBSD Foundation copyrights	2024-08-06 15:39:53 -04:00
Makefile	Remove $FreeBSD$: one-line sh pattern	2023-08-16 11:55:03 -06:00
Makefile.depend	Remove $FreeBSD$: one-line sh pattern	2023-08-16 11:55:03 -06:00
msgio.c	libnv: switch fd_wait() from select(2) to poll(2)	2026-04-29 22:15:00 +02:00
msgio.h	Remove $FreeBSD$: two-line .h pattern	2023-08-16 11:54:16 -06:00
Version.map	Remove $FreeBSD$: one-line sh pattern	2023-08-16 11:55:03 -06:00