svn commit: r328267 - stable/10/sys/dev/nand

Ed Maste emaste at FreeBSD.org
Tue Jan 23 02:16:08 UTC 2018


Author: emaste
Date: Tue Jan 23 02:16:06 2018
New Revision: 328267
URL: https://svnweb.freebsd.org/changeset/base/328267

Log:
  MFC r317806 by glebius:
  
  The nandsim(4) simulator driver doesn't have any protection against
  races at least in its ioctl handler, and at the same time it creates
  device entry with 0666 permissions.
  
  To plug possible issues in it:
  - Mark it as needing Giant.
  - Switch device mode to 0600.
  
  Submitted by:	C Turt
  Reviewed by:	imp
  Security:	Possible double free in ioctl handler

Modified:
  stable/10/sys/dev/nand/nandsim.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/nand/nandsim.c
==============================================================================
--- stable/10/sys/dev/nand/nandsim.c	Mon Jan 22 21:45:54 2018	(r328266)
+++ stable/10/sys/dev/nand/nandsim.c	Tue Jan 23 02:16:06 2018	(r328267)
@@ -71,6 +71,7 @@ static struct nandsim_chip *get_nandsim_chip(uint8_t, 
 
 static struct cdevsw nandsim_cdevsw = {
 	.d_version =    D_VERSION,
+	.d_flags =	D_NEEDGIANT,
 	.d_ioctl =      nandsim_ioctl,
 	.d_name =       "nandsim",
 };
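
Review bot: The new `.d_flags = D_NEEDGIANT,` line in nandsim_cdevsw carries no comment saying it is there because nandsim_ioctl has no locking of its own, so a later Giant-removal sweep could drop it without restoring the protection; a one-line comment above the initializer would record that. Giant is also released while a thread sleeps, so it is worth confirming that no path in nandsim_ioctl sleeps between the check and the free that the log's "possible double free" refers to. Minor style point: this line uses a tab after the `=` where the neighbouring members use spaces.
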
@@ -639,7 +640,7 @@ nandsim_modevent(module_t mod __unused, int type, void
 	switch (type) {
 	case MOD_LOAD:
 		nandsim_dev = make_dev(&nandsim_cdevsw, 0,
-		    UID_ROOT, GID_WHEEL, 0666, "nandsim.ioctl");
+		    UID_ROOT, GID_WHEEL, 0600, "nandsim.ioctl");
 		break;
 	case MOD_UNLOAD:
 		for (i = 0; i < MAX_SIM_DEV; i++) {
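
Review bot: The mode change to 0600 in the make_dev() call under MOD_LOAD is unexplained in the source, and it silently removes access for every non-root user of nandsim.ioctl, including members of GID_WHEEL. A short comment at the call stating that the ioctl interface is not safe for unprivileged callers would keep someone from widening the mode again, and the behaviour change deserves a mention for users who ran the simulator tooling without root. With 0600 the GID_WHEEL argument no longer grants anything, which is fine but worth knowing when reading the call.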

