Daemon News Ezine BSD News BSD Mall BSD Support Forum BSD Advocacy BSD Updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

buffer overflow in devclass_add_device()...

Just in case you all didn't know this already, in the case of an
unwired device (dev->unit == -1) devclass_add_device() malloc's
a string assuming the unit count is 2 chars wide.  If we get a
unit >= 100, then we will overflow the buffer.  Probably we should
just malloc the nameunit buffer after we do the devclass_alloc_unit().


John Baldwin <jhb@xxxxxxxxxxx>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@xxxxxxxxxxx
with "unsubscribe freebsd-new-bus" in the body of the message