[Bug 232920] linuxulator: linux_to_bsd_sockaddr and bsd_to_linux_sockaddr are unsafe

Fri Nov 2 22:49:21 UTC 2018

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232920

            Bug ID: 232920
           Summary: linuxulator: linux_to_bsd_sockaddr and
                    bsd_to_linux_sockaddr are unsafe
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: brooks at FreeBSD.org

The bsd_to_linux_sockaddr() and linux_to_bsd_sockaddr() functions alter the
userspace sockaddr to convert the format between linux and BSD versions.  If
the sockaddr is shared between concurrent syscalls or the pages are unwritable
these functions will fail.

Code should either be altered to perform the transformation purely in the
kernel or at a minimum, copyout_map should be used to allocated a new location
for the transformed sockaddr.

-- 
You are receiving this mail because:
You are the assignee for the bug.