kevent validates that ident is a valid fd by getting the file. one sad
author tedu <tedu@openbsd.org>
Thu, 14 Jul 2016 02:35:17 +0000 (02:35 +0000)
committer tedu <tedu@openbsd.org>
Thu, 14 Jul 2016 02:35:17 +0000 (02:35 +0000)
commit 8e9151d4be2cbbf2fcb4904ec47ae8b8f2e29304
tree ed3006f07fc90abe781ed88b1287cb09408bb6e9
parent 5a3c1e468456696901fe9062ec8f69e70fbc8ccd
kevent validates that ident is a valid fd by getting the file. one sad
quirk: uint64 to int32 truncation can lead to false positives, and then
later in the array sizing code, very big mallocs panic the kernel.
add a check that the ident isn't larger than INT_MAX in the fd case.
reported by Tim Newsham
sys/kern/kern_event.c
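
The truncation described in the commit message, as a user-space model added here for illustration (not code from kern_event.c). The descriptor table, `fd_lookup`, `ident_ok_unchecked` and `ident_ok_checked` are hypothetical names, and the sample idents are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define NFILES 8	/* size of the toy descriptor table (assumption) */

/* Toy stand-in for a per-process fd table: fds 0..3 are "open". */
static const int fd_open[NFILES] = { 1, 1, 1, 1, 0, 0, 0, 0 };

/* Hypothetical lookup that, like an fd lookup, takes a plain int. */
static int fd_lookup(int fd)
{
	return fd >= 0 && fd < NFILES && fd_open[fd];
}

/*
 * Before: the 64-bit ident is narrowed to 32 bits for the lookup, so only
 * its low 32 bits are validated. The caller still holds the full value.
 */
int ident_ok_unchecked(uint64_t ident)
{
	return fd_lookup((int)(uint32_t)ident);
}

/* After: an ident above INT_MAX can never name an fd, so reject it first. */
int ident_ok_checked(uint64_t ident)
{
	if (ident > INT_MAX)
		return 0;
	return fd_lookup((int)ident);
}

int main(void)
{
	/* Constructed idents: two honest fds and two whose low bits alias one. */
	const uint64_t samples[] = { 3, 5, 0x100000003ULL, 0xffffffff00000001ULL };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("ident 0x%016llx  unchecked=%d  checked=%d\n",
		    (unsigned long long)samples[i],
		    ident_ok_unchecked(samples[i]), ident_ok_checked(samples[i]));
	return 0;
}
```

An ident that passes the unchecked path while differing from the fd that was looked up is the false positive the commit refers to; any later code that uses the full 64-bit value is working with a number that was never validated.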