[Bug 206579] amr(4): Multiple vulnerabilities in AMR ioctl handler
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jan 25 22:29:48 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206579
CTurt <ecturt at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Open |Closed
Resolution|--- |Not A Bug
--- Comment #3 from CTurt <ecturt at gmail.com> ---
There are similarities in other drivers, like the `mfi` code.
For Linux commands, like `MFI_LINUX_CMD_2`, `copyin` is used:
error = copyin(arg, &l_ioc, sizeof(l_ioc));
But for FreeBSD commands, such as `MFIIO_QUERY_DISK`, `arg` is directly
dereferenced:
qd = (struct mfi_query_disk *)arg;
qd->present = 1;
Since both drivers seem to follow this same pattern, I believe the handling of
`addr` is probably correct.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list