git: fdd100a7150e - main - devctl: Add missing validation to DEV_RESET
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 07 Oct 2024 00:16:13 UTC
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=fdd100a7150e34d8d98cb38e701b3cb073208653
commit fdd100a7150e34d8d98cb38e701b3cb073208653
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-10-06 22:56:40 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-10-07 00:16:07 +0000
devctl: Add missing validation to DEV_RESET
As in other ioctls which access the parent bus, we need to check for a
NULL parent here. Otherwise it's possible to trigger a null pointer
dereference by resetting the root device.
Reported by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: imp, kib
Differential Revision: https://reviews.freebsd.org/D46965
---
sys/kern/subr_bus.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/kern/subr_bus.c b/sys/kern/subr_bus.c
index 7fe46995ee54..d0c41b59dbb6 100644
--- a/sys/kern/subr_bus.c
+++ b/sys/kern/subr_bus.c
@@ -5859,6 +5859,10 @@ devctl2_ioctl(struct cdev *cdev, u_long cmd, caddr_t data, int fflag,
error = EINVAL;
break;
}
+ if (device_get_parent(dev) == NULL) {
+ error = EINVAL;
+ break;
+ }
error = BUS_RESET_CHILD(device_get_parent(dev), dev,
req->dr_flags);
break;