Stathis Kamperis <[email protected]> added the comment:

Short follow-up.

Matt commented on the code in IRC and said that there should be a validation of sizeof(struct hammer_ioc_volume). Otherwise the hammer vfs might overflow the data buffer the userland provides.

Although Matt was kind enough to explain it twice, I still don't get it. I'm allocating room for the maximum volumes a file system can have and also I'm only writing to the 'device_name' field of the 'hammer_ioc_volume' structure, which happens to have automatic storage. So, what kind of buffer overrun should I be checking against?

Can anyone please provide some code snippet or an insight?

Thanks!
Stathis

----------
status: unread -> chatting

_____________________________________________________
DragonFly issue tracker <[email protected]>
<http://bugs.dragonflybsd.org/issue1863>
_____________________________________________________
