Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f873bdb932
NetBSD/sys/miscfs
History
maxv 83fce8c371 1) 'error' is returned while it does not even hold an error code. Which 
means that zero is returned, and the kernel keeps mounting (and it
   probably ends up in a deadlock/memory corruption somewhere).
2) 'nentries' and 'gnentries' are int and user-controlled, and there's no
   check to ensure they are greater than zero. Since they are used to
   compute the size of two copyin's, a user can control the copied size
   by giving a negative value (like 128-2^29), and thus overwrite kernel
   memory.

Both triggerable from root only.
2014-08-11 14:02:14 +00:00
..
deadfs Add VOP_FALLOCATE and VOP_FDISCARD to every vnode ops table I can 2014-07-25 08:20:51 +00:00
fdesc Add VOP_FALLOCATE and VOP_FDISCARD to every vnode ops table I can 2014-07-25 08:20:51 +00:00
fifofs split PRU_CONNECT2 & PRU_PURGEIF function out of pr_generic() usrreq 2014-08-09 05:33:00 +00:00
genfs Change field "layerm_tag" to correct type "enum vtagtype". 2014-05-28 10:51:20 +00:00
kernfs Add VOP_FALLOCATE and VOP_FDISCARD to every vnode ops table I can 2014-07-25 08:20:51 +00:00
nullfs Change layerfs from hashlist to vcache. 2014-05-25 13:51:25 +00:00
overlay Change layerfs from hashlist to vcache. 2014-05-25 13:51:25 +00:00
procfs #include <sys/cpu.h> 2014-08-10 06:22:06 +00:00
specfs Add VOP_FALLOCATE and VOP_FDISCARD to every vnode ops table I can 2014-07-25 08:20:51 +00:00
syncfs Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before 2014-02-25 18:30:08 +00:00
umapfs 1) 'error' is returned while it does not even hold an error code. Which 2014-08-11 14:02:14 +00:00
Makefile