From: Vincenzo Maffione
Date: Wed, 16 Mar 2022 22:05:16 +0100
Subject: Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin
To: Shawn Webb
Cc: src-committers, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, FreeBSD Security Team
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

Yes. I was told by secteam@ that they would take care of the security advisories.

Cheers,
  Vincenzo

On Wed, 16 Mar 2022 at 15:31, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote:
> > The branch main has been updated by vmaffione:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12
> >
> > commit 393729916564ed13f966e09129a24e6931898d12
> > Author:     Vincenzo Maffione
> > AuthorDate: 2022-03-16 06:58:50 +0000
> > Commit:     Vincenzo Maffione
> > CommitDate: 2022-03-16 06:58:50 +0000
> >
> >     netmap: Fix TOCTOU vulnerability in nmreq_copyin
> >
> >     The total size of the user-provided nmreq was first computed and then
> >     trusted during the copyin. This might lead to kernel memory corruption
> >     and escape from jails/containers.
> >
> >     Reported by:    Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
> >     Security:       CVE-2022-23084
> >     MFC after:      3 days
>
> Out of curiosity, if this has an assigned CVE, should it go through
> the normal FreeBSD security advisory process?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc