[Bug 283702] Out-of-bounds read in Netgraph parsing of binary Netgraph packets
Date: Fri, 28 Feb 2025 14:52:39 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283702
Mark Johnston <markj@FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |markj@FreeBSD.org
--- Comment #4 from Mark Johnston <markj@FreeBSD.org> ---
Hrm, many of these unparse routines are buggy. The size of the source buffer
is not passed to them, and most of them blindly assume that the input is
well-formed. It is possible to get the input buffer length by moving the data
pointer backwards, like ng_unparse_composite() does, but that's kind of iffy.
Probably it'd be nicer to pass a pointer to the ng_mesg structure instead, even
though that requires some churn.
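An added illustration of the approach suggested in the comment above, where the unparse routine receives the message structure and checks every read against its recorded length. This is not FreeBSD code: `struct demo_mesg`, `demo_unparse_u32_array()` and the counted-array layout are hypothetical and simplified.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a message (not struct ng_mesg). */
struct demo_mesg {
	uint32_t arglen;	/* number of valid bytes in data[] */
	uint8_t  data[64];
};

/*
 * Unparse a counted array laid out as [count][v0][v1]... starting at *off.
 * Every read is bounded by msg->arglen, so a count field that overstates
 * the payload is rejected instead of being read past the end.
 */
int
demo_unparse_u32_array(const struct demo_mesg *msg, size_t *off,
    char *cbuf, size_t cbuflen)
{
	uint32_t count, val, i;
	size_t pos = *off, used;

	if (msg->arglen > sizeof(msg->data) || pos > msg->arglen ||
	    msg->arglen - pos < sizeof(count))
		return (EINVAL);
	memcpy(&count, msg->data + pos, sizeof(count));
	pos += sizeof(count);
	/* Divide rather than multiply so a huge count cannot overflow. */
	if (count > (msg->arglen - pos) / sizeof(val))
		return (EINVAL);
	used = (size_t)snprintf(cbuf, cbuflen, "[");
	for (i = 0; i < count; i++) {
		memcpy(&val, msg->data + pos, sizeof(val));
		pos += sizeof(val);
		if (used >= cbuflen)
			return (ERANGE);
		used += (size_t)snprintf(cbuf + used, cbuflen - used, " %u",
		    (unsigned)val);
	}
	if (used >= cbuflen || cbuflen - used < 3)	/* " ]" plus NUL */
		return (ERANGE);
	memcpy(cbuf + used, " ]", 3);
	*off = pos;
	return (0);
}

int
main(void)
{
	struct demo_mesg m = { .arglen = 8 };	/* constructed input */
	uint32_t words[2] = { 1000, 7 };	/* count claims 1000 entries */
	char out[32];
	size_t off = 0;
	memcpy(m.data, words, sizeof(words));
	printf("rc=%d\n", demo_unparse_u32_array(&m, &off, out, sizeof(out)));
	return (0);
}
```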