oss-sec mailing list archives
CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin
From: "Xu, Meng" <meng.xu () gatech edu>
Date: Tue, 3 Oct 2017 14:39:55 +0000
Hello,

In function smb_strdupin() of file sys/netsmb/smb_subr.c, smb_strdupin() tried to roll a copyin() based strlen to allocate a buffer and then blindly copyin that size. Of course, a malicious user program could simultaneously manipulate the buffer, resulting in a non-terminated string being copied.

Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687
Patch: https://svnweb.freebsd.org/base?view=revision&revision=324102

Please help assign a CVE to it.

Thanks,
Meng
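The double-fetch pattern described in the message above, modelled in userland C as an added example; it is not FreeBSD code and not the committed patch. The names fake_copyin(), user_buf, flip_at, dup_double_fetch() and dup_single_fetch() are hypothetical, and flip_at simulates the racing thread deterministically by rewriting the user buffer at a chosen fetch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define UMAX 16
static char user_buf[UMAX];  /* constructed stand-in for user memory */
static int calls, flip_at;   /* flip_at: fetch number at which a racing thread writes */
/* Hypothetical userland model of copyin(); each call is one fetch. */
static void fake_copyin(const char *uaddr, void *kaddr, size_t len) {
    if (calls++ == flip_at)
        memset(user_buf, 'A', UMAX);  /* racing thread overwrites the NUL */
    memcpy(kaddr, uaddr, len);
}
/* Double fetch: measure in one pass, then copy again trusting that length. */
static char *dup_double_fetch(const char *uaddr, size_t *n) {
    size_t len = 0;
    char c, *k;
    do fake_copyin(uaddr + len, &c, 1);          /* pass one: find the NUL */
    while (c != '\0' && ++len < UMAX - 1);
    *n = len + 1;
    if ((k = malloc(*n)) != NULL)
        fake_copyin(uaddr, k, *n);    /* pass two: contents may have changed */
    return k;
}
/* Single fetch: snapshot once into a bounded buffer, validate the snapshot. */
static char *dup_single_fetch(const char *uaddr, size_t *n) {
    char tmp[UMAX], *nul, *k;
    fake_copyin(uaddr, tmp, UMAX);
    if ((nul = memchr(tmp, '\0', UMAX)) == NULL)
        return NULL;                  /* no terminator in the snapshot: reject */
    *n = (size_t)(nul - tmp) + 1;
    if ((k = malloc(*n)) != NULL)
        memcpy(k, tmp, *n);
    return k;
}
/* 1 = result is NUL-terminated, 0 = not terminated, -1 = rejected. */
static int run(int fixed, int flip) {
    size_t n = 0;
    strncpy(user_buf, "abc", UMAX);   /* strncpy pads the rest with NULs */
    calls = 0; flip_at = flip;
    char *k = fixed ? dup_single_fetch(user_buf, &n) : dup_double_fetch(user_buf, &n);
    if (k == NULL) return -1;
    int ok = memchr(k, '\0', n) != NULL;
    free(k);
    return ok;
}
int main(void) {
    printf("double fetch: %d, single fetch: %d\n", run(0, 4), run(1, 4));
}
```

With the write landing on fetch 4 (the bulk copy that follows the four measuring fetches of "abc"), the double-fetch version hands back four bytes with no terminator, while the single-fetch version either returns a terminated copy or rejects the input.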