[Bug 266101] ucred reference count may overflow

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 29 Aug 2022 16:21:29 UTC

            Bug ID: 266101
           Summary: ucred reference count may overflow
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: emaste@freebsd.org

The refcount(9) API mitigates reference count overflow (by changing it into a
leak) as of 0b21d8949934 ("Handle refcount(9) wraparound.")

As of 1724c563e62f ("cred: distribute reference count per thread") ucred
handling (crhold etc.) does not use refcount(9), and so is vulnerable to
reference count overflow. See for example

Need to either use refcount(9) or add explicit overflow handling.
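
An added illustration, not part of the original report and not FreeBSD's refcount(9) or ucred code: a simplified single-threaded model of an unchecked counter next to one that saturates, showing how the overflow turns from a premature free into a leak. The function names, the 32-bit unsigned counter and the saturation constants are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified single-threaded model; all names here are hypothetical. */
#define SAT_BIT   (1u << 31)   /* set once the count is implausibly large */
#define SAT_VALUE (3u << 30)   /* value a saturated counter is pinned to */

/* Unchecked counter: the pattern the report describes. */
static void plain_acquire(uint32_t *c) { (*c)++; }
static bool plain_release(uint32_t *c) { return --(*c) == 0; }

/* Saturating counter: once SAT_BIT is seen the count is pinned, so it can
 * never wrap to zero and release never reports "last reference". */
static void sat_acquire(uint32_t *c) {
    uint32_t old = (*c)++;
    if (old & SAT_BIT)
        *c = SAT_VALUE;
}
static bool sat_release(uint32_t *c) {
    uint32_t old = (*c)--;
    if (old & SAT_BIT) {
        *c = SAT_VALUE;
        return false;          /* leak instead of free */
    }
    return old == 1;
}

/* With `start` references held, take 3 more and drop 1. Returns true if
 * that drop reports "free" although holders remain. */
static bool plain_frees_early(uint32_t start) {
    uint32_t c = start;
    for (int i = 0; i < 3; i++)
        plain_acquire(&c);
    return plain_release(&c);
}
static bool sat_frees_early(uint32_t start) {
    uint32_t c = start;
    for (int i = 0; i < 3; i++)
        sat_acquire(&c);
    return sat_release(&c);
}

int main(void) {
    printf("plain near UINT32_MAX: %d\n", plain_frees_early(UINT32_MAX - 1));
    printf("saturating near 2^31:  %d\n", sat_frees_early(SAT_BIT - 2));
    printf("saturating, count 5:   %d\n", sat_frees_early(5));
    return 0;
}
```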
