Date: Tue, 3 Oct 2017 14:39:55 +0000 From: "Xu, Meng" <meng.xu@...ech.edu> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Hello, In function smb_strdupin() of file sys/netsmb/smb_subr.c, smb_strdupin() tried to roll a copyin() based strlen to allocate a buffer and then blindly copyin that size. Of course, a malicious user program could simultaneously manipulate the buffer, resulting in a non-terminated string being copied. Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687 Patch: https://svnweb.freebsd.org/base?view=revision&revision=324102 Please help assign a CVE to it. Thanks, Meng
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.