FreeBSD Security Advisory FreeBSD-SA-05:08.kmem
Uwe Doering
gemini at geminix.org
Fri May 6 13:22:47 PDT 2005
Uwe Doering wrote:
> FreeBSD Security Advisories wrote:
>
> [...]
> However, isn't there a similar case in tcp_pcblist()? Only that this
> time a "struct xtcpcb" variable is concerned. It isn't guaranteed to be
> completely initialized, either. Especially since it has the same kind
> of explicit alignment padding at the end as "struct xinpcb" which cannot
> be expected to become initialized in the course of data assignment in
> any case.
> [...]
Well, I'm afraid there is another one in unp_pcblist() (uipc_usrreq.c).
Same story. After that I searched the whole kernel sources for
'_pcblist', but it turned out that tcp_pcblist() and unp_pcblist() are
the only places that had been overlooked. At least as far as functions
named '*_pcblist' are concerned ...
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org | http://www.escapebox.net
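
An added illustration (not part of the original message and not FreeBSD source code) of the point raised in this thread: a record that is filled member by member still carries the old contents of its alignment padding when the whole struct is copied out, and clearing the struct first prevents that. `struct xrec`, its fields and the 0xA5 marker are hypothetical, and a userland `memcpy` stands in for the kernel's copy to userland.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for leftover kernel data */

/* Hypothetical export record, shaped like the x*pcb structs in the thread. */
struct xrec {
    size_t   xr_len;            /* size of this record */
    uint16_t xr_port;           /* compiler may insert padding after this */
    uint32_t xr_state;
    uint64_t xr_alignment_hack; /* explicit trailing pad, never assigned */
};

/* Build one record in storage that still holds old contents and copy it to
 * `out` (stand-in for the copy to userland).  zero_first selects the
 * hardened variant.  Returns how many stale bytes reached `out`. */
static size_t export_record(unsigned char *out, int zero_first)
{
    struct xrec xr;
    size_t i, leaked = 0;

    memset(&xr, STALE, sizeof(xr));   /* simulate reused stack memory */
    if (zero_first)
        memset(&xr, 0, sizeof(xr));   /* mitigation: clear the whole struct */

    xr.xr_len = sizeof(xr);           /* field-by-field assignment only */
    xr.xr_port = 22;
    xr.xr_state = 4;

    memcpy(out, &xr, sizeof(xr));     /* whole struct leaves, pad included */
    for (i = 0; i < sizeof(xr); i++)
        if (out[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    unsigned char out[sizeof(struct xrec)];

    printf("assignment only: %zu stale bytes exported\n", export_record(out, 0));
    printf("zeroed first:    %zu stale bytes exported\n", export_record(out, 1));
    return 0;
}
```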