oss-sec mailing list archives
Re: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 3 Oct 2017 17:22:13 +0200
Hi

On Tue, Oct 03, 2017 at 02:39:55PM +0000, Xu, Meng wrote:
> Hello,
>
> In function smb_strdupin() of file sys/netsmb/smb_subr.c,
> smb_strdupin() tried to roll a copyin() based strlen to allocate a
> buffer and then blindly copyin that size. Of course, a malicious user
> program could simultaneously manipulate the buffer, resulting in a
> non-terminated string being copied.
>
> Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687
> Patch: https://svnweb.freebsd.org/base?view=revision&revision=324102
>
> Please help assign a CVE to it.

CVEs are no longer requested via the oss-security list. If you want to
request one please have a look at https://cveform.mitre.org/

Once you have the CVE assigned, can you please loop back the assignment
in this thread?

Regards,
Salvatore
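
The race described in the quoted report, modelled in user space as an added example (not FreeBSD's code and not the committed patch). `user_mem`, `race_at`, `model_copyin` and both `dup_*` functions are hypothetical stand-ins, and the racing writer is simulated deterministically by fetch count.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model: user_mem stands in for user space; race_at makes a
 * "second thread" overwrite the NUL terminator just before the Nth fetch. */
static char user_mem[8];
static int fetch_no, race_at;
static void reset_model(int at) {
    memcpy(user_mem, "abc\0ZZZZ", 8);
    fetch_no = 0; race_at = at;
}

/* Hypothetical stand-in for copyin(): each call re-reads user memory. */
static void model_copyin(const char *uaddr, void *kaddr, size_t len) {
    if (++fetch_no == race_at) user_mem[3] = 'X';   /* racing write */
    memcpy(kaddr, uaddr, len);
}

/* Racy pattern from the report: size with per-byte fetches, then copy in a
 * second fetch. Returns 1 if the copy is NUL-terminated, 0 if not, -1 if rejected. */
static int dup_double_fetch(const char *s, size_t maxlen) {
    size_t len = 0;
    char bt, *p;
    do {
        model_copyin(s + len, &bt, 1);
        if (++len > maxlen) return -1;
    } while (bt != 0);
    if ((p = malloc(len)) == NULL) return -1;
    model_copyin(s, p, len);   /* contents may have changed since sizing */
    int ok = (p[len - 1] == '\0');
    free(p);
    return ok;
}

/* Single-fetch alternative: copy once, then validate only the kernel copy. */
static int dup_single_fetch(const char *s, size_t maxlen) {
    char *p = malloc(maxlen);
    if (p == NULL) return -1;
    model_copyin(s, p, maxlen);
    int ok = memchr(p, '\0', maxlen) ? 1 : -1;
    free(p);
    return ok;
}

int main(void) {
    reset_model(5); printf("double fetch: %d\n", dup_double_fetch(user_mem, 8));
    reset_model(1); printf("single fetch: %d\n", dup_single_fetch(user_mem, 8));
    return 0;
}
```

In a FreeBSD kernel the bounded single-pass copy is what copyinstr(9) provides; the fixed-size read here only stands in for it in the model.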