mirror of
https://github.com/opnsense/src.git
synced 2026-02-23 18:00:31 -05:00
fc915f1be1
pseudofs nodes store their name in a flexible array member, so the node allocation is sized using the length of the name, including a nul terminator. pfs_lookup() scans a directory of nodes, comparing names to find a match. The comparison was incorrect and assumed that all node names were at least as long as the name being looked up, which of course isn't true. I believe the bug is mostly harmless since it cannot result in false positive or negative matches from the lookup, but it triggers a KASAN check. Reported by: pho Reviewed by: kib, Olivier Certner <olce.freebsd@certner.fr> MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40692 |
||
|---|---|---|
| .. | ||
| pseudofs.c | ||
| pseudofs.h | ||
| pseudofs_fileno.c | ||
| pseudofs_internal.h | ||
| pseudofs_vncache.c | ||
| pseudofs_vnops.c | ||