Date: Tue, 3 Oct 2017 14:39:55 +0000
From: "Xu, Meng" <meng.xu@...ech.edu>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin

Hello,

In function smb_strdupin() of file sys/netsmb/smb_subr.c, smb_strdupin() tried to roll a copyin() based strlen to allocate a buffer and then blindly copyin that size. Of course, a malicious user program could simultaneously manipulate the buffer, resulting in a non-terminated string being copied.

Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687

Patch: https://svnweb.freebsd.org/base?view=revision&revision=324102

Please help assign a CVE to it.

Thanks,
Meng
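The pattern the report describes, reduced to a user-space C model beside a single-fetch form (an added example, not the FreeBSD source or the committed patch). `dup_double_fetch`, `dup_single_fetch`, `clobber`, `unterminated_after`, `MAXLEN` and the `racer` hook are hypothetical names, and plain memory reads stand in for copyin().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXLEN 16  /* constructed bound for this model, not a FreeBSD constant */

static void clobber(char *user) { memset(user, 'A', MAXLEN); } /* models a racing user thread */

/* Double-fetch shape: measure the user string, then copy that many bytes. */
static char *dup_double_fetch(char *user, void (*racer)(char *), size_t *len)
{
    *len = strlen(user) + 1;                       /* fetch 1: measure, NUL included */
    if (racer) racer(user);                        /* writer runs between the reads */
    char *k = malloc(*len);
    if (k) memcpy(k, user, *len);                  /* fetch 2: bytes are re-read */
    return k;                                      /* k[*len - 1] may not be NUL */
}

/* Single-fetch shape: one bounded pass, each byte read once, no NUL in bounds = reject. */
static char *dup_single_fetch(char *user, void (*racer)(char *), size_t *len)
{
    char *k = malloc(MAXLEN);
    for (size_t i = 0; k != NULL && i < MAXLEN; i++) {
        k[i] = user[i];
        if (k[i] == '\0') { *len = i + 1; return k; }
        if (i == 0 && racer) racer(user);          /* writer runs mid-copy */
    }
    free(k);
    return NULL;
}

/* Returns 1 if the kernel-side copy has no NUL within its own length. */
int unterminated_after(int single_fetch, int race)
{
    char user[MAXLEN] = "hello";                   /* constructed sample input */
    size_t len = 0;
    void (*r)(char *) = race ? clobber : NULL;
    char *k = single_fetch ? dup_single_fetch(user, r, &len)
                           : dup_double_fetch(user, r, &len);
    int bad = (k != NULL) && memchr(k, '\0', len) == NULL;
    free(k);
    return bad;
}

int main(void)
{
    printf("raced: double=%d single=%d\n", unterminated_after(0, 1), unterminated_after(1, 1));
    return 0;
}
```

In the raced single-fetch case the copy is rejected rather than returned, because the terminator is only ever taken from bytes the copy itself holds.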