[Midnightbsd-cvs] [MidnightBSD/src] 87e0a4: When handling a 32-bit sendmsg(2) call, the compat...

Lucas Holt noreply at github.com
Fri Aug 7 23:49:40 EDT 2020


  Branch: refs/heads/stable/1.2
  Home:   https://github.com/MidnightBSD/src
  Commit: 87e0a4299c4d130c441489b2b2db03be0a8c3e2e
      https://github.com/MidnightBSD/src/commit/87e0a4299c4d130c441489b2b2db03be0a8c3e2e
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2020-08-07 (Fri, 07 Aug 2020)

  Changed paths:
    M sys/compat/freebsd32/freebsd32_misc.c

  Log Message:
  -----------
  When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the
control message to be transmitted (if any) into kernel memory, and adjusts
alignment of control message headers.  The code which performs this work
contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a
malicious userspace program to modify control message headers after they were
validated by the kernel.
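
The following is an added illustration, not code from the MidnightBSD commit: a user-space C model of the double-fetch pattern behind a TOCTOU of this kind, next to the single-snapshot form that closes it. The struct layout, `KBUF_MAX`, the `umem` stand-in for user memory and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified 32-bit control message header (a model, not the kernel's struct). */
struct hdr32 { uint32_t len; int32_t level; int32_t type; };

#define KBUF_MAX 64u  /* hypothetical size of the kernel-side buffer */

/* Constructed stand-in for user memory. After 'flip_after' fetches, a racing
 * thread is modelled as overwriting hdr.len with 'evil_len'. */
struct umem { unsigned char data[64]; int fetches, flip_after; uint32_t evil_len; };

/* Models a copy from user space; each call may observe different contents. */
static void fetch(struct umem *u, void *dst, size_t n) {
    if (++u->fetches > u->flip_after)
        memcpy(u->data, &u->evil_len, sizeof u->evil_len);
    memcpy(dst, u->data, n);
}

/* Double fetch: checks one read of the header, then trusts a second read. */
static long len_double_fetch(struct umem *u) {
    struct hdr32 h;
    fetch(u, &h, sizeof h);                          /* time of check */
    if (h.len < sizeof h || h.len > KBUF_MAX) return -1;
    fetch(u, &h, sizeof h);                          /* time of use */
    return (long)h.len;          /* length a later copy would rely on */
}

/* Single fetch: snapshot once, then validate and use only the snapshot. */
static long len_single_fetch(struct umem *u) {
    struct hdr32 h;
    fetch(u, &h, sizeof h);
    if (h.len < sizeof h || h.len > KBUF_MAX) return -1;
    return (long)h.len;
}

/* Runs one scenario: header passes validation, then len is rewritten to 4096. */
static long run(int hardened) {
    struct umem u = { .flip_after = 1, .evil_len = 4096 };
    struct hdr32 h = { .len = 16, .level = 0xffff, .type = 1 };
    memcpy(u.data, &h, sizeof h);
    return hardened ? len_single_fetch(&u) : len_double_fetch(&u);
}

int main(void) {
    printf("double fetch uses len=%ld, single fetch uses len=%ld\n", run(0), run(1));
    return 0;
}
```

In the model the double-fetch path ends up relying on a length that never passed the bounds check, while the single-fetch path only ever uses the value it validated.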



