Date: Tue, 3 Oct 2017 17:22:13 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Hi On Tue, Oct 03, 2017 at 02:39:55PM +0000, Xu, Meng wrote: > Hello, > > In function smb_strdupin() of file sys/netsmb/smb_subr.c, > smb_strdupin() tried to roll a copyin() based strlen to allocate a buffer > and then blindly copyin that size. Of course, a malicious user program > could simultaneously manipulate the buffer, resulting in a non-terminated > string being copied. > > Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687 > Patch: https://svnweb.freebsd.org/base?view=revision&revision=324102 > > Please help assign a CVE to it. CVE's are not anymore requested via the oss-security list. If you want to request one please have a look at https://cveform.mitre.org/ Once you have the CVE assigned, can you please loop back the assignement in this thread? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.