opnsense-src/lib/libnv/tests
Mariusz Zaborski 7b7e6d7376 libnv: fix heap overflow in nvlist_recv()
nvlist_check_header() validated nvlh_size for overflow before
performing conversion. A malicious user can set
NV_FLAG_BIG_ENDIAN in the header and craft nvlh_size so that
the original value passes the check, but after the conversion the
sizeof(nvlist_header) + size can overflow.
This can lead to a heap buffer overflow.

Approved by:	so
Security:	FreeBSD-SA-26:17.libnv
Security:	CVE-2026-35547
Fixes:		36fa90dbde
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D56342
2026-04-29 22:15:06 +02:00
..
cnv_tests.cc Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
dnv_tests.cc Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
Makefile libnv: add tests to verify potential overflow issues 2026-04-29 22:14:59 +02:00
Makefile.depend Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
nv_array_tests.cc libnv: add test to verify null termination of string in array 2026-04-29 22:14:58 +02:00
nv_tests.cc Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
nvlist_add_test.c Remove "All Rights Reserved" from FreeBSD Foundation copyrights 2024-08-06 15:39:53 -04:00
nvlist_append_test.c Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
nvlist_exists_test.c Remove "All Rights Reserved" from FreeBSD Foundation copyrights 2024-08-06 15:39:53 -04:00
nvlist_free_test.c Remove "All Rights Reserved" from FreeBSD Foundation copyrights 2024-08-06 15:39:53 -04:00
nvlist_get_test.c Remove "All Rights Reserved" from FreeBSD Foundation copyrights 2024-08-06 15:39:53 -04:00
nvlist_move_test.c Remove "All Rights Reserved" from FreeBSD Foundation copyrights 2024-08-06 15:39:53 -04:00
nvlist_send_recv_test.c libnv: fix heap overflow in nvlist_recv() 2026-04-29 22:15:06 +02:00