From nobody Wed Mar 16 14:31:36 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2E14B1A19312 for ; Wed, 16 Mar 2022 14:31:39 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KJXlZ3nrwz3LYQ for ; Wed, 16 Mar 2022 14:31:38 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qk1-x733.google.com with SMTP id z66so1958721qke.10 for ; Wed, 16 Mar 2022 07:31:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=mkrrGndYy3rS8VgXlMemcT+Am0+9qG0A0nJ4QHQka24=; b=WniWC8Ve4iP+Ex76f0xNwL8mIC7r2T3ld37s3czK+M+BkhuxvZk9MCBfiLiekd8lYN Z1fhNsvmhwkLw00NvDKRfkm5xWDUbwWGCWUdalF74VvGcYQe/SPdDrtLFAZF7G7V+fAg RgsZnK5BoYyKdnA8vgjHy/y5scliFxsTL3Dt/4LY8DVC0hJPuEONuflXx+pelIfzc3do 3obFRony9y25c+w11h5YM6x+Glr7EImhC4MRSc8O+kPe5dABjMmjAqgtPSyEN6TkepYT 7fEvxLvhuFdJJuKf6u5kN2FEHjWLhSNKii6tU8QQ8ZzH2gPBzBBs9DI/T7dPQSqm+0O1 pLCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=mkrrGndYy3rS8VgXlMemcT+Am0+9qG0A0nJ4QHQka24=; b=vkCsYpN0o7caAbuT2v6y9qmPVi+vgxFjZzlgWcJ3JGydvAaD31bJdUseIvLlgWVDoO cZ29Sk+C0eTBzyd/4tb5g8e3/XRBUQGwH1ntl7UQpAgCh7fBWBbg//ft9IhZp0jGhpPU rN9vXSX3WHBR4PV4TAEIbZ0vIIZg3aVCoqiGOzAeMGtxnMqoXBtz1f0CFQ0TdoMNLBjv P99fZYqCUUQLujNRs4RRE4HbgWUeiUP2lkIDDsWmUHzHnMkz7IG+wt/PawsYG46ykGAa iPlgzivw1Uk2whTwccugh3IP950ZaToNpjb+c2gFkCW+pSkAjg/sehWFh9aYRBqpsoVY Bh6A== X-Gm-Message-State: AOAM531yG45HYzAlAqZ4KgszbSj1/gE8mlAy9F8MGnEpLgvd12Dn3nnM 2zs6Y9EhH0IdhXK4X3kfiFwVGbBmRseaxnGK X-Google-Smtp-Source: ABdhPJzvlzpAhu/KQ5UxEW93q4WlwRrEPt4Ck1ZWX1Oavnq0b4FtqHE/6fcoA+pwP5hF27H5ugwv0Q== X-Received: by 2002:a37:2ec2:0:b0:47e:cdef:3e1e with SMTP id u185-20020a372ec2000000b0047ecdef3e1emr83688qkh.125.1647441097949; Wed, 16 Mar 2022 07:31:37 -0700 (PDT) Received: from mutt-hbsd (pool-100-16-224-136.bltmmd.fios.verizon.net. [100.16.224.136]) by smtp.gmail.com with ESMTPSA id b29-20020a05620a271d00b0067e0c273331sm982560qkp.111.2022.03.16.07.31.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 07:31:37 -0700 (PDT) Date: Wed, 16 Mar 2022 10:31:36 -0400 From: Shawn Webb To: Vincenzo Maffione Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin Message-ID: <20220316143136.vu3akg4ehevqmkgu@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 14.0-CURRENT-HBSD FreeBSD 14.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <202203160708.22G78lBs012259@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="fq2wajc46mxtvsls" Content-Disposition: inline In-Reply-To: <202203160708.22G78lBs012259@gitrepo.freebsd.org> X-Rspamd-Queue-Id: 4KJXlZ3nrwz3LYQ X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hardenedbsd.org header.s=google header.b=WniWC8Ve; dmarc=none; spf=pass (mx1.freebsd.org: domain of shawn.webb@hardenedbsd.org designates 2607:f8b0:4864:20::733 as permitted sender) smtp.mailfrom=shawn.webb@hardenedbsd.org X-Spamd-Result: default: False [-4.92 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[dev-commits-src-main@freebsd.org]; DMARC_NA(0.00)[hardenedbsd.org]; NEURAL_HAM_LONG(-0.96)[-0.963]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[hardenedbsd.org:+]; NEURAL_HAM_SHORT(-0.86)[-0.861]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::733:from]; MLMMJ_DEST(0.00)[dev-commits-src-main]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[100.16.224.136:received] X-ThisMailContainsUnwantedMimeParts: N --fq2wajc46mxtvsls Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote: > The branch main has been updated by vmaffione: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D393729916564ed13f966e09129= a24e6931898d12 >=20 > commit 393729916564ed13f966e09129a24e6931898d12 > Author: Vincenzo Maffione > AuthorDate: 2022-03-16 06:58:50 +0000 > Commit: Vincenzo Maffione > CommitDate: 2022-03-16 06:58:50 +0000 >=20 > netmap: Fix TOCTOU vulnerability in nmreq_copyin > =20 > The total size of the user-provided nmreq was first computed and then > trusted during the copyin. This might lead to kernel memory corruption > and escape from jails/containers. > =20 > Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiat= ive > Security: CVE-2022-23084 > MFC after: 3 days Out of curiosity, if this has an assigned CVE, should it go through the normal FreeBSD security advisory process? Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --fq2wajc46mxtvsls Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmIx9MYACgkQ/y5nonf4 4fpxYg//ePVxhCRjBC+JJbo7hT7eZYC0YAGouPan/mJ8ISXuhBx9XNUAtR20RiyU HUTXG3/StR+wLC765TX0fsT9YvZMGV5MB7gp5OCUCPDMdq8UPRflaDy/5IET1Pvh Mrdv6NDjbm+CpuTOA/LrwTZ7Jd2LkQtABTB9vxoHx0x99atJq26A/PbfQUm7DB3s lk7t2jaLJrwlGaxZ5qJA/3vw1gruG5DCNBc8dcUAH+IbArDZ4z5Iie+nkg+dJrAP 5qlFc4/KvO/ZYexg62O1PTVGDEM72qQwDY/G0SQd2Pp+Bu+ACqH40n6sNKRC0tHm MIlTuXRPrQitPn2YuQEpZewUjqVmiAmiIWofclUSD1GiUGj1hCtoJ1awQGH+wMD+ AgOiCM3pqrydAma9KZgBPydPY/yFko3wIp1bSa5WG3BgtHKFGd3jZRfVotqO9lWN Wod7bErMAmYWsBV/eXvgB3QT6SKKt5Y9AkFg2WSf2dJ1C+Po50z3Yq8Zw0D7S+c2 Q9NoHBSTLMeo0GB0xF+4OmViplifaaYwaGHqx9u/dfoAxy9tT2ANbBdVkqkGArPc el3gaQl2PJAYneYZbxJJKpTrFGTW5yxZybcovPXy8KF5+0zigI6vwZead0ftoSFr 6F5lBT0xwrWaqMb7BoGx9XH+bYKbE8nUsvY8MssvrmvNte5n4lU= =LTMI -----END PGP SIGNATURE----- --fq2wajc46mxtvsls--