[Bug 266136] ctl_ioctl() passes user-supplied size directly to kernel malloc() -> potential crash

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 07 Sep 2022 00:54:36 UTC

Alexander Motin <mav@FreeBSD.org> changed:

           What    |Removed                     |Added
             Status|Open                        |In Progress

--- Comment #1 from Alexander Motin <mav@FreeBSD.org> ---
This device is available only to root user, so it is a form of foot shooting. 
But OK, I'll patch it.

You are receiving this mail because:
You are the assignee for the bug.