aboutsummaryrefslogtreecommitdiff
path: root/sys/kern/vfs_vnops.c
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2018-09-12 04:57:34 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2018-09-12 04:57:34 +0000
commitc9e562b188682eb9be39a8124893aa172b57d3ca (patch)
treef234f964dd81d1ec5c2510e61c2524f2622cc42e /sys/kern/vfs_vnops.c
parente382dd47aa55ddba0497a93bdeddcd9ff92b6877 (diff)
downloadsrc-c9e562b188682eb9be39a8124893aa172b57d3ca.tar.gz
src-c9e562b188682eb9be39a8124893aa172b57d3ca.zip
Correct ELF header parsing code to prevent invalid ELF sections from
disclosing memory. Submitted by: markj Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: re (implicit) Approved by: so Security: FreeBSD-SA-18:12.elf Security: CVE-2018-6924 Sponsored by: The FreeBSD Foundation
Notes
Notes: svn path=/head/; revision=338603
Diffstat (limited to 'sys/kern/vfs_vnops.c')
-rw-r--r--sys/kern/vfs_vnops.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 09f665e8f3fb..00392ee3a072 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -527,6 +527,8 @@ vn_rdwr(enum uio_rw rw, struct vnode *vp, void *base, int len, off_t offset,
struct vn_io_fault_args args;
int error, lock_flags;
+ if (offset < 0 && vp->v_type != VCHR)
+ return (EINVAL);
auio.uio_iov = &aiov;
auio.uio_iovcnt = 1;
aiov.iov_base = base;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 15:51:31 +0000