[Midnightbsd-cvs] [MidnightBSD/src] 9de056: When handling a 32-bit sendmsg(2) call, the compat...
Lucas Holt
noreply at github.com
Fri Aug 7 23:52:07 EDT 2020
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 9de056024800a90036f8acb6bab6b2f9db72b382
https://github.com/MidnightBSD/src/commit/9de056024800a90036f8acb6bab6b2f9db72b382
Author: Lucas Holt <luke at foolishgames.com>
Date: 2020-08-07 (Fri, 07 Aug 2020)
Changed paths:
M sys/compat/freebsd32/freebsd32_misc.c
Log Message:
-----------
When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the
control message to be transmitted (if any) into kernel memory, and adjusts
alignment of control message headers. The code which performs this work
contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a
malicious userspace program to modify control message headers after they were
validated by the kernel.
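
The double-fetch pattern the log message describes, as an added userland model beside a single-fetch form; this is not code from the MidnightBSD commit or from freebsd32_misc.c. The names `hdr32`, `fetch`, `racer`, `KBUF` and the sample header values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed, simplified 32-bit control message header (not the kernel's). */
struct hdr32 { uint32_t len; int32_t level; int32_t type; };
#define KBUF 64                        /* simulated kernel buffer size */
static void (*racer)(uint8_t *ubuf);   /* stands in for a second user thread */

/* Model of copyin(): copy from "user" memory, then let the racer run. */
static void fetch(void *dst, uint8_t *ubuf, size_t n) {
    memcpy(dst, ubuf, n);
    if (racer) racer(ubuf);
}
static int len_ok(uint32_t len) { return len >= sizeof(struct hdr32) && len <= KBUF; }

/* Double fetch: validate one read of the header, then read it again from
 * user memory and act on the second copy. Returns the length acted on. */
long double_fetch(uint8_t *ubuf) {
    struct hdr32 h;
    fetch(&h, ubuf, sizeof h);         /* time of check */
    if (!len_ok(h.len)) return -1;
    fetch(&h, ubuf, sizeof h);         /* time of use: unvalidated bytes */
    return (long)h.len;
}

/* Single fetch: snapshot once, then validate and use only the snapshot. */
long single_fetch(uint8_t *ubuf) {
    struct hdr32 h;
    fetch(&h, ubuf, sizeof h);
    return len_ok(h.len) ? (long)h.len : -1;
}
/* Constructed racer: rewrites the length field after every fetch. */
static void grow_len(uint8_t *ubuf) { uint32_t big = 4096; memcpy(ubuf, &big, sizeof big); }

/* Run one variant on a fresh, initially valid header with the racer active. */
long run_with_race(long (*variant)(uint8_t *)) {
    uint8_t ubuf[KBUF] = {0};
    struct hdr32 h = { 16, 0, 1 };     /* constructed sample input */
    memcpy(ubuf, &h, sizeof h);
    racer = grow_len;
    long r = variant(ubuf);
    racer = NULL;
    return r;
}

int main(void) {
    printf("double fetch acts on len=%ld\n", run_with_race(double_fetch));
    printf("single fetch acts on len=%ld\n", run_with_race(single_fetch));
}
```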