[Midnightbsd-cvs] [MidnightBSD/src] 352cd4: The passive mode in FTP communication allows an ou...

Lucas Holt noreply at github.com
Wed Aug 25 01:20:43 EDT 2021


  Branch: refs/heads/stable/2.1
  Home:   https://github.com/MidnightBSD/src
  Commit: 352cd423c615c10bf02c9b819845f2b8e9878525
      https://github.com/MidnightBSD/src/commit/352cd423c615c10bf02c9b819845f2b8e9878525
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M lib/libfetch/ftp.c

  Log Message:
  -----------
  The passive mode in FTP communication allows an out of boundary read while
libfetch uses strtol to parse the relevant numbers into address bytes.  It
does not check if the line ends prematurely.  If it does, the for-loop
condition checks for *p == '\0' one byte too late because p++ was already
performed.

Obtained from: FreeBSD


  Commit: 8effe281c73f01f93e440cbefd12298d160525d2
      https://github.com/MidnightBSD/src/commit/8effe281c73f01f93e440cbefd12298d160525d2
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M sbin/ggate/ggatec/ggatec.c

  Log Message:
  -----------
  The ggatec(8) daemon does not validate the size of a response before writing
it to a fixed-size buffer.  This allows the stack of ggatec(8) to be overwritten.

Obtained from: FreeBSD


  Commit: 94b3ef77dd2b70a5eb009c4e197841881fec24bb
      https://github.com/MidnightBSD/src/commit/94b3ef77dd2b70a5eb009c4e197841881fec24bb
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M usr.sbin/bhyve/pci_virtio_console.c
    M usr.sbin/bhyve/pci_virtio_rnd.c

  Log Message:
  -----------
  Certain VirtIO-based device models failed to handle errors when fetching
I/O descriptors.  Such errors could be triggered by a malicious guest.
As a result, the device model code could be tricked into operating on
uninitialized I/O vectors, leading to memory corruption.

Obtained from: FreeBSD


Compare: https://github.com/MidnightBSD/src/compare/ebdf0440df41...94b3ef77dd2b
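
The passive-mode parsing flaw described in the first log message above, as an added example (not part of the commit or the libfetch source): the loop shape the message describes, beside a parser that tests each byte before stepping over it. The function names and the sample reply format are constructed for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Shape of the flaw as the log message describes it (constructed, not the
 * libfetch source): after the last number on a short line, p++ in the loop
 * increment steps past the '\0' before the condition tests *p. */
void parse_fields_unsafe(char *p, unsigned char addr[6])
{
    for (int i = 0; *p && i < 6; i++, p++)
        addr[i] = (unsigned char)strtol(p, &p, 10);
}

/* Hardened form (hypothetical helper): parse "h1,h2,h3,h4,p1,p2".
 * Returns 0 on success, -1 on a truncated or malformed field list. */
int parse_fields_checked(const char *p, unsigned char addr[6])
{
    for (int i = 0; i < 6; i++) {
        char *end;
        long v;

        if (!isdigit((unsigned char)*p))    /* rejects '\0', sign, space */
            return -1;
        v = strtol(p, &end, 10);
        if (v > 255)                        /* each field is one byte */
            return -1;
        addr[i] = (unsigned char)v;
        p = end;
        if (i < 5) {
            if (*p != ',')                  /* test the byte before stepping */
                return -1;                  /* '\0' here: line ended early */
            p++;
        }
    }
    return 0;
}

/* Find the field list in a full reply line (constructed sample format). */
int parse_pasv_reply(const char *line, unsigned char addr[6])
{
    const char *p = strchr(line, '(');

    return p == NULL ? -1 : parse_fields_checked(p + 1, addr);
}
```

The checked parser rejects a truncated reply instead of stopping the loop silently, so the caller never uses a partially filled address.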

