diff options
author | cperciva <cperciva@FreeBSD.org> | 2012-11-23 01:48:31 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2012-11-23 01:48:31 +0000 |
commit | 748c98fc62710e6e068b1ac97fe79668aa6fe7d4 (patch) | |
tree | 2b14b8ff18434b4a2367f1e3269dfd7df194dcb8 /sys/compat | |
parent | 95ab21ebedf7ac88a3e0742d22e468652f026319 (diff) | |
download | FreeBSD-src-748c98fc62710e6e068b1ac97fe79668aa6fe7d4.zip FreeBSD-src-748c98fc62710e6e068b1ac97fe79668aa6fe7d4.tar.gz |
MFS security patches which seem to have accidentally not reached HEAD:
Fix insufficient message length validation for EAP-TLS messages.
Fix Linux compatibility layer input validation error.
Security: FreeBSD-SA-12:07.hostapd
Security: FreeBSD-SA-12:08.linux
Security: CVE-2012-4445, CVE-2012-4576
With hat: so@
Diffstat (limited to 'sys/compat')
-rw-r--r-- | sys/compat/linux/linux_ioctl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/compat/linux/linux_ioctl.c b/sys/compat/linux/linux_ioctl.c index 0a9cd27..868a4c6 100644 --- a/sys/compat/linux/linux_ioctl.c +++ b/sys/compat/linux/linux_ioctl.c @@ -2260,8 +2260,9 @@ again: ifc.ifc_len = valid_len; sbuf_finish(sb); - memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len); - error = copyout(&ifc, uifc, sizeof(ifc)); + error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len); + if (error == 0) + error = copyout(&ifc, uifc, sizeof(ifc)); sbuf_delete(sb); CURVNET_RESTORE(); |