https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238023
Bug ID: 238023 Summary: integer overflow in scsisanitize in sbin/camcontrol/camcontrol.c Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: kern Assignee: b...@freebsd.org Reporter: yang...@hotmail.com Created attachment 204511 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=204511&action=edit Proposed patch There is an integer overflow vulnearability in function scsisanitize of sbin/camcontrol/camcontrol.c if ((scsi_get_sks(sense, ccb->csio.sense_len - ccb->csio.sense_resid, sks) == 0) && (quiet == 0)) { int val; u_int64_t percentage; val = scsi_2btoul(&sks[1]); percentage = 10000 * val; fprintf(stdout, "\rSanitizing: %ju.%02u %% " "(%d/%d) done", (uintmax_t)(percentage / (0x10000 * 100)), (unsigned)((percentage / 0x10000) % 100), val, 0x10000); fflush(stdout); The type for percentage is u_int64_t, and the type for val is int. Therefore, there would be integer overflow, which is similar to vulnerability that was fixed in https://github.com/freebsd/freebsd/commit/d1f96a5c3d79da16294b41369da6b5e512c7e8cd. The attachment is the proposed patch. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"