git: DragonFly_RELEASE_5_6 kernel - Rejigger midistat functions to close a race

Matthew Dillon dillon at crater.dragonflybsd.org
Tue Aug 20 18:55:52 PDT 2019


commit 30a075b627bb0ac3125ef7c2052ef01e4921ae82
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Tue Aug 20 18:50:59 2019 -0700

    kernel - Rejigger midistat functions to close a race
    
    * Make sure lock has full coverage across midistat_open() and
      midistat_read().  The temporary drop of the lock in midistat_read()
      lead to a race which allows one to read kernel memory beyond the
      end of the sbuf buffer.
    
    * Rejigger the code to remove the global offset and just use
      uio_offset, which also fixes the same race (but leave the
      lock coverage in place regardless).
    
    Taken-From:	FreeBSD
    Security:       CVE-2019-5612

Summary of changes:
 sys/dev/sound/midi/midi.c | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/30a075b627bb0ac3125ef7c2052ef01e4921ae82


-- 
DragonFly BSD source repository



More information about the Commits mailing list