git: kernel - Rejigger midistat functions to close a race
Matthew Dillon
dillon at crater.dragonflybsd.org
Tue Aug 20 18:53:45 PDT 2019
commit f70430d0e321043abdf733b90d80d93d06155acf
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Tue Aug 20 18:50:59 2019 -0700
kernel - Rejigger midistat functions to close a race
* Make sure lock has full coverage across midistat_open() and
  midistat_read(). The temporary drop of the lock in midistat_read()
  led to a race which allows one to read kernel memory beyond the
  end of the sbuf buffer.
* Rejigger the code to remove the global offset and just use
  uio_offset, which also fixes the same race (but leave the
  lock coverage in place regardless).
Taken-From: FreeBSD
Security: CVE-2019-5612
Summary of changes:
sys/dev/sound/midi/midi.c | 32 ++++++++++++++------------------
1 file changed, 14 insertions(+), 18 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f70430d0e321043abdf733b90d80d93d06155acf
--
DragonFly BSD source repository
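
The pattern the commit message describes (per-call offset instead of a shared one, with the lock held from the bounds check through the copy), sketched as a user-space model. This is an added example, not the DragonFly or FreeBSD code; `struct statdev`, `statdev_read()` and `statdev_drain()` are hypothetical names, and a pthread mutex stands in for the kernel lock.

```c
#include <pthread.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical model of a read-only text status device (names are assumptions). */
struct statdev {
    pthread_mutex_t lock;
    const char     *buf;  /* rendered report, standing in for the sbuf data */
    size_t          len;  /* number of valid bytes in buf */
};

/*
 * Copy up to resid bytes starting at off, which is supplied per call (the
 * role uio_offset plays in the commit) instead of living in shared state.
 * The lock is held from the bounds check through the copy, never dropped.
 * Returns bytes copied, 0 at or past end of data, -1 for a negative offset.
 */
ssize_t statdev_read(struct statdev *sd, off_t off, char *dst, size_t resid)
{
    ssize_t n = 0;

    if (off < 0)
        return -1;
    pthread_mutex_lock(&sd->lock);
    if ((size_t)off < sd->len) {
        size_t avail = sd->len - (size_t)off;  /* off < len, so no underflow */
        n = (ssize_t)(resid < avail ? resid : avail);
        memcpy(dst, sd->buf + off, (size_t)n);
    }
    pthread_mutex_unlock(&sd->lock);
    return n;
}

/* Drain the report in chunk-sized reads, as a userland reader would. */
size_t statdev_drain(struct statdev *sd, char *out, size_t chunk)
{
    off_t off = 0;
    ssize_t n;

    while ((n = statdev_read(sd, off, out + off, chunk)) > 0)
        off += n;
    return (size_t)off;
}
```

Because the remaining length is computed from the caller's offset while the lock is held, a second reader cannot move the position between the check and the copy.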