Date: Tue, 3 Oct 2017 17:22:13 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Hi On Tue, Oct 03, 2017 at 02:39:55PM +0000, Xu, Meng wrote: > Hello, > > In function smb_strdupin() of file sys/netsmb/smb_subr.c, > smb_strdupin() tried to roll a copyin() based strlen to allocate a buffer > and then blindly copyin that size. Of course, a malicious user program > could simultaneously manipulate the buffer, resulting in a non-terminated > string being copied. > > Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687 > Patch: https://svnweb.freebsd.org/base?view=revision&revision=324102 > > Please help assign a CVE to it. CVE's are not anymore requested via the oss-security list. If you want to request one please have a look at https://cveform.mitre.org/ Once you have the CVE assigned, can you please loop back the assignement in this thread? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ