[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
buffer overflow in devclass_add_device()...
Just in case you all didn't know this already, in the case of an
unwired device (dev->unit == -1) devclass_add_device() malloc's
a string assuming the unit count is 2 chars wide. If we get a
unit >= 100, then we will overflow the buffer. Probably we should
just malloc the nameunit buffer after we do the devclass_alloc_unit().
--
John Baldwin <jhb@xxxxxxxxxxx> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
To Unsubscribe: send mail to majordomo@xxxxxxxxxxx
with "unsubscribe freebsd-new-bus" in the body of the message