Module Name: src
Committed By: riastradh
Date: Thu Jul 7 18:17:33 UTC 2022
Modified Files:
src/sys/compat/common: uipc_syscalls_40.c
src/sys/net: if.c
Log Message:
ifioctl(9): Don't touch ifconf or ifreq until command is validated.
sys_ioctl validates the data pointer according to the command's size
and direction. But userland may ioctl commands other than
OSIOCGIFCONF or OOSIOCGIFCONF -- and if userland passes an IOC_VOID
command, the argument is passed through verbatim and may be null.
Reported-by: [email protected]
https://syzkaller.appspot.com/bug?id=f4c91a7dcd31901c80d91af6ed01456faf0a7286
Reported-by: [email protected]
https://syzkaller.appspot.com/bug?id=4a3a4b92dbe9695046ff17a5474cef52aed23e0b
Reported-by: [email protected]
https://syzkaller.appspot.com/bug?id=3e5f42c998e43ad42da40dec3c7873e6aae187e4
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/sys/compat/common/uipc_syscalls_40.c
cvs rdiff -u -r1.505 -r1.506 src/sys/net/if.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
