Source-Changes-D archive


Re: CVS commit: src/sys/ufs/ffs




To: source-changes-d%NetBSD.org@localhost

Subject: Re: CVS commit: src/sys/ufs/ffs

From: David Holland <dholland-sourcechanges%netbsd.org@localhost>

Date: Sat, 7 May 2016 21:01:20 +0000


On Sat, May 07, 2016 at 11:59:09AM +0000, Maxime Villard wrote:
 > Modified Files:
 >  src/sys/ufs/ffs: ffs_subr.c
 > 
 > Log Message:
 > uaf

 : -       if ((*bpp)->b_blkno >= 0 && (error = fscow_run(*bpp, false)) != 0)
 : +       if ((*bpp)->b_blkno >= 0 && (error = fscow_run(*bpp, false)) != 0) {
 :                brelse(*bpp, BC_INVAL);
 : +               *bpp = NULL;
 : +       }
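
Review bot: The new "*bpp = NULL;" after "brelse(*bpp, BC_INVAL);" in the fscow_run() failure branch needs a comment, or a fuller log message than "uaf", naming the caller that reads *bpp after an error return. As written, the lines only change what such a caller sees: it would fault on a NULL pointer instead of touching a released buffer, while its missing error check stays in place. If the intended contract is that *bpp is always NULL on failure, state that next to the assignment and fix the caller's error handling in the same change.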

If this makes any difference it means that the caller (of ffs_getblk)
is using the returned buffer even if the function fails, which is
wrong.

Please don't commit changes that mask bugs elsewhere... but in any
case please provide more information about what "uaf" you found and
where it really happens, so it can be fixed properly.

-- 
David A. Holland
dholland%netbsd.org@localhost

