[Bug 206581] bxe_ioctl_nvram handler is faulty

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jan 24 16:37:28 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581

--- Comment #1 from CTurt <ecturt at gmail.com> ---
Sorry, forgot about the check:

    if (len > sizeof(struct bxe_nvram_data)) {

So, the example I suggested wouldn't work.

But the lack of `copyin` being checked, is still valid. And there probably
should be some bound checks anyway.

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-bugs mailing list