git: DragonFly_RELEASE_5_6 kernel - Rejigger midistat functions to close a race
Matthew Dillon
dillon at crater.dragonflybsd.org
Tue Aug 20 18:55:52 PDT 2019
commit 30a075b627bb0ac3125ef7c2052ef01e4921ae82
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Tue Aug 20 18:50:59 2019 -0700
kernel - Rejigger midistat functions to close a race

* Make sure lock has full coverage across midistat_open() and
  midistat_read(). The temporary drop of the lock in midistat_read()
  led to a race which allows one to read kernel memory beyond the
  end of the sbuf buffer.

* Rejigger the code to remove the global offset and just use
  uio_offset, which also fixes the same race (but leave the
  lock coverage in place regardless).

Taken-From: FreeBSD
Security: CVE-2019-5612
Summary of changes:
sys/dev/sound/midi/midi.c | 32 ++++++++++++++------------------
1 file changed, 14 insertions(+), 18 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/30a075b627bb0ac3125ef7c2052ef01e4921ae82
--
DragonFly BSD source repository
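
The second bullet of the commit message, modelled in user space as an added example (not the DragonFly or FreeBSD source; every name below is hypothetical): a read bounded by the caller's own offset, checked against the buffer's current length, beside the length arithmetic of a shared cursor that has gone stale. The model is single-threaded and assumes the text can be regenerated shorter between two reads.

```c
/* Added illustration: user-space model, not DragonFly or FreeBSD source.
 * All names here are hypothetical. */
#include <stddef.h>
#include <string.h>

struct statbuf {          /* stands in for the sbuf holding the status text */
    const char *data;
    size_t len;
};

/* Regenerate the text, as a fresh open of the device is assumed to do. */
void stat_regen(struct statbuf *sb, const char *text)
{
    sb->data = text;
    sb->len = strlen(text);
}

/* Shared-cursor arithmetic (assumed model of a global offset): if the text
 * is regenerated shorter while the cursor still holds an old position,
 * len - cursor wraps and the copy length is bounded only by `want`.
 * Only the length is computed here; nothing is copied. */
size_t shared_cursor_len(const struct statbuf *sb, size_t cursor, size_t want)
{
    size_t remain = sb->len - cursor;     /* wraps when cursor > len */
    return want < remain ? want : remain;
}

/* Per-call offset: each read carries its own position, validated against
 * the current length before anything is copied. In a kernel this check and
 * the copy would both run with the lock held.
 * Returns bytes copied, 0 at end of text, -1 for an offset outside it. */
long stat_read(const struct statbuf *sb, long off, char *dst, size_t want)
{
    if (off < 0 || (size_t)off > sb->len)
        return -1;
    size_t remain = sb->len - (size_t)off;
    size_t take = want < remain ? want : remain;
    memcpy(dst, sb->data + off, take);
    return (long)take;
}
```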