git: fdd100a7150e - main - devctl: Add missing validation to DEV_RESET
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 07 Oct 2024 00:16:13 UTC
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=fdd100a7150e34d8d98cb38e701b3cb073208653 commit fdd100a7150e34d8d98cb38e701b3cb073208653 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2024-10-06 22:56:40 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2024-10-07 00:16:07 +0000 devctl: Add missing validation to DEV_RESET As in other ioctls which access the parent bus, we need to check for a NULL parent here. Otherwise it's possible to trigger a null pointer dereference by resetting the root device. Reported by: Elliott Mitchell <ehem+freebsd@m5p.com> Reviewed by: imp, kib Differential Revision: https://reviews.freebsd.org/D46965 --- sys/kern/subr_bus.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/kern/subr_bus.c b/sys/kern/subr_bus.c index 7fe46995ee54..d0c41b59dbb6 100644 --- a/sys/kern/subr_bus.c +++ b/sys/kern/subr_bus.c @@ -5859,6 +5859,10 @@ devctl2_ioctl(struct cdev *cdev, u_long cmd, caddr_t data, int fflag, error = EINVAL; break; } + if (device_get_parent(dev) == NULL) { + error = EINVAL; + break; + } error = BUS_RESET_CHILD(device_get_parent(dev), dev, req->dr_flags); break;