opnsense-src/sys
Mark Johnston 8b1c0ba411 scsi_cd: Improve TOC access validation
1. During CD probing, we read the TOC header to find the number of
   entries, then read the TOC itself.  The header determines the number
   of entries, which determines the amount of data to read from the
   device into the softc in the CD_STATE_MEDIA_TOC_FULL state.  We
   hard-code a limit of 99 tracks (plus one for the lead-out) in the
   softc, but were not validating that the size reported by the media
   would fit in this hard-coded limit.  Kernel memory corruption could
   occur if not.[1]  Add validation to check this, and refuse to cache
   the TOC if it would not fit.

2. The CDIOCPLAYTRACKS ioctl uses caller provided track numbers to index
   into the TOC, but we only validate the starting index.  Add
   validation of the ending index.

Also, raise the hard-coded limit from 100 tracks to 170, per a
suggestion from Ken.

Reported by:	C Turt <ecturt@gmail.com> [1]
Reviewed by:	ken, avg
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 6afabf0092)
2021-11-10 09:22:39 -05:00
amd64 amd64 pmap: adjust the empty pmap optimization in pmap_remove() 2021-11-04 02:56:39 +02:00
arm arm: fix a typo in nvidia/drm2/tegra_bo.c 2021-11-09 08:46:01 -05:00
arm64 Use the vm_radix_init() helper when initializing pmaps 2021-11-03 13:42:21 -04:00
bsm Add aio_writev and aio_readv 2021-01-02 19:57:58 -07:00
cam scsi_cd: Improve TOC access validation 2021-11-10 09:22:39 -05:00
cddl kern: drop remaining references to removed makesyscalls.sh 2021-09-14 20:53:03 -05:00
compat Convert consumers to vm_page_alloc_noobj_contig() 2021-11-03 13:41:40 -04:00
conf conf: Add a KMSAN kernel option 2021-11-02 18:17:58 -04:00
contrib Upgrade ENA to v2.4.1 2021-10-07 18:10:32 +02:00
crypto crypto: Support Chacha20-Poly1305 with a nonce size of 8 bytes. 2021-10-21 14:19:30 -07:00
ddb ddb: reliably fail with ambiguous commands 2021-07-02 14:13:24 -07:00
dev vmci: Avoid relying on macro expansion to provide correct syntax 2021-11-07 14:39:38 -05:00
dts arm: allwinner: dtb: Add overlays to disable SD/MMC node 2021-07-22 19:29:21 +02:00
fs nfscl: Add a missing delegation lock release 2021-11-09 15:20:00 -08:00
gdb gdb: report specific stop reason for watchpoints 2021-04-21 10:20:33 -03:00
geom gjournal(8): Fix a typo in a source code comment 2021-11-06 08:51:45 +01:00
gnu Remove the old dts imported tree. 2021-01-15 20:09:55 +01:00
i386 Use the vm_radix_init() helper when initializing pmaps 2021-11-03 13:42:21 -04:00
isa Remove more remnants of sio(4) 2021-04-14 09:19:49 -04:00
kern fexecve(2): allow O_PATH file descriptors opened without O_EXEC 2021-11-06 04:12:33 +02:00
kgssapi State kgssapi dependency on xdr. 2020-09-17 22:29:38 +00:00
libkern Switch to an ifunc in the kernel for crc32c 2021-08-30 12:22:21 +01:00
mips Convert vm_page_alloc() callers to use vm_page_alloc_noobj(). 2021-11-03 13:39:36 -04:00
modules ossl: Add ChaCha20 cipher support. 2021-10-21 08:51:24 -07:00
net pf: remove unused field from pf_kanchor 2021-10-22 09:34:08 +02:00
net80211 net80211/LinuxKPI: add more radiotap definitions 2021-07-18 00:35:03 +00:00
netgraph ng_pptpgre(4): Fix a typo in a source code comment 2021-11-06 08:50:54 +01:00
netinet Fix a common typo in syctl descriptions 2021-11-06 08:52:57 +01:00
netinet6 nd6: Make the DAD callout MPSAFE 2021-09-21 09:37:52 -04:00
netipsec ipsec: enter epoch before calling into ipsec_run_hhooks 2021-10-11 09:10:31 +00:00
netpfil pf: do not copy anchor_wildcard / anchor_relative from userspace 2021-10-22 09:34:18 +02:00
netsmb netsmb: Avoid a read-after-free in smb_t2_request_int() 2021-06-02 09:34:47 -04:00
nfs nfs: clean up empty lines in .c and .h files 2020-09-01 21:25:39 +00:00
nfsclient nfs: clean up empty lines in .c and .h files 2020-09-01 21:25:39 +00:00
nfsserver nfs: Mark unused statistics variable as reserved 2020-11-18 04:35:49 +00:00
nlm nlm: clean up empty lines in .c and .h files 2020-09-01 22:14:52 +00:00
ofed socket: Rename sb(un)lock() and interlock with listen(2) 2021-10-07 09:56:47 -04:00
opencrypto crypto: Support Chacha20-Poly1305 with a nonce size of 8 bytes. 2021-10-21 14:19:30 -07:00
powerpc powerpc64: fix OFWFB with Radix MMU 2021-11-05 11:08:27 -03:00
riscv Convert consumers to vm_page_alloc_noobj_contig() 2021-11-03 13:41:40 -04:00
rpc rpc: Convert an SOLISTENING check to an assertion 2021-09-24 09:01:07 -04:00
security mac: cheaper check for ifnet_create_mbuf and ifnet_check_transmit 2021-07-05 11:32:14 +00:00
sys Extract proc_get_binpath() from sysctl_kern_proc_pathname() 2021-11-06 04:12:32 +02:00
teken loader: implement framebuffer console 2021-01-02 21:41:36 +02:00
tests routing: add IPv6 fib validation procedure. 2021-09-07 21:02:58 +00:00
tools makesyscalls.lua: add a CAPENABLED flag 2021-10-20 00:19:56 +01:00
ufs ufs: remove write-only variables 2021-10-27 03:24:40 +03:00
vm Fix a common typo in syctl descriptions 2021-11-06 08:52:57 +01:00
x86 Generalize bus_space(9) and atomic(9) sanitizer interceptors 2021-11-01 10:16:39 -04:00
xdr xdr: clean up empty lines in .c and .h files 2020-09-01 22:13:28 +00:00
xen xen: remove .swp file from public headers 2021-01-11 18:14:11 +01:00
Makefile