
/netbsd/sys/netatalk/
at_control.c 5707ddcc Thu Mar 30 15:58:10 GMT 2023 riastradh <riastradh@NetBSD.org>

atalk(4): Don't let userland control sa_len when adding addresses.

- The struct sockaddr_at object accessed by at_ifinit always comes
from an ioctl buffer that is adequately sized and fully initialized
from userland memory.

- The newly created sockaddr_at object is later used with
sockaddr_copy, which requires sa_len to be correctly initialized.

- sa_len is not generally required to be correctly initialized by
userland in most entry points (with some exceptions, e.g. gif(4)
configuration).

I don't know whether existing userland programs initialize sa_len
correctly; if they do, we can verify it matches sizeof(struct
sockaddr_at), but there's no need to copy sa_len then if it is
verified to be that fixed value.

Reported-by: syzbot+fb4e112846e31bc4c09d@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=6e511f97443d681b8917c6258d6463b28b36e8c9

Reported-by: syzbot+dce8a2b69dc06d9d6115@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=e521a01ced5d0bbd363e998b81bc29f3282fd75f

Reported-by: syzbot+705a2a35990549b12c8d@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=b9147d4070e1d240acd27155ce1f863997175517

Reported-by: syzbot+b9c649832cc9b1fdc7d6@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=d5c9ad3d43042ec6e9f7bd30e13a37205e7e0373

Reported-by: syzbot+ac4ab136ca76e8152218@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=349c0c4eded3eff1ff5fc2cd2d88b42806e08a47

Reported-by: syzbot+b75c731d20e46e9543e9@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=e014d790e218797e217dd590ebe5a3a89e65b627

XXX pullup-8
XXX pullup-9
XXX pullup-10
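
The sa_len handling described in the commit message above, as an added user-space C example that is not NetBSD code and not part of the commit. `model_sa`, `model_copy`, the two `add_addr_*` functions and `demo` are hypothetical stand-ins, and `model_copy` is assumed to take its byte count from the source's sa_len.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a BSD-style sockaddr; not the real struct sockaddr_at. */
typedef struct {
    uint8_t sa_len;       /* self-described length in bytes */
    uint8_t sa_family;
    uint8_t sa_data[14];
} model_sa;

/* Hypothetical helper that trusts src->sa_len; -1 stands for a copy it cannot do safely. */
static int model_copy(model_sa *dst, size_t dstlen, const model_sa *src)
{
    if (src->sa_len > dstlen)
        return -1;
    memcpy(dst, src, src->sa_len);
    return src->sa_len;
}

/* Before: the new address keeps whatever sa_len userland wrote. */
static int add_addr_trusting(model_sa *stored, const model_sa *from_user)
{
    model_sa tmp = *from_user;          /* sa_len copied verbatim */
    return model_copy(stored, sizeof(*stored), &tmp);
}

/* After: sa_len is set to the fixed structure size, ignoring userland. */
static int add_addr_fixed(model_sa *stored, const model_sa *from_user)
{
    model_sa tmp = *from_user;
    tmp.sa_len = sizeof(tmp);
    return model_copy(stored, sizeof(*stored), &tmp);
}

/* Run a constructed full-size payload whose sa_len byte is `len` through one path. */
int demo(uint8_t len, int fixed)
{
    model_sa user = { .sa_len = len, .sa_family = 1 }, stored = { 0 };
    return fixed ? add_addr_fixed(&stored, &user) : add_addr_trusting(&stored, &user);
}

int main(void)
{
    const uint8_t lens[] = { 0, 16, 255 };     /* constructed sa_len values */
    for (int i = 0; i < 3; i++)
        printf("sa_len=%d trusting=%d fixed=%d\n", lens[i], demo(lens[i], 0), demo(lens[i], 1));
    return 0;
}
```

With the trusting path, a userland sa_len of 0 copies nothing into the stored address and 255 exceeds the destination, while the fixed path copies the full 16-byte structure in every case.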