[Bug 266136] ctl_ioctl() passes user-supplied size directly to kernel malloc() -> potential crash

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 266136] ctl_ioctl() passes user-supplied size directly to kernel malloc() -> potential crash"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 07 Sep 2022 00:54:36 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266136

Alexander Motin <mav@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Open                        |In Progress

--- Comment #1 from Alexander Motin <mav@FreeBSD.org> ---
This device is available only to root user, so it is a form of foot shooting. 
But OK, I'll patch it.

-- 
You are receiving this mail because:
You are the assignee for the bug.