[Bug 206579] amr(4): Multiple vulnerabilities in AMR ioctl handler

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jan 25 22:29:48 UTC 2016


CTurt <ecturt at gmail.com> changed:

           What    |Removed                     |Added
             Status|Open                        |Closed
         Resolution|---                         |Not A Bug

--- Comment #3 from CTurt <ecturt at gmail.com> ---
There are similarities in other drivers, like the `mfi` code.

For Linux commands, like `MFI_LINUX_CMD_2`, `copyin` is used:

    error = copyin(arg, &l_ioc, sizeof(l_ioc));

But for FreeBSD commands, such as `MFIIO_QUERY_DISK`, `arg` is directly

    qd = (struct mfi_query_disk *)arg;
    qd->present = 1;

Since both drivers seem to follow this same pattern, I believe the handling of
`addr` is probably correct.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list