[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ppc/4060: vnconfig -l: ioctl VNDIOCGET gets EFAULT on copyoutstr(9)

To: bugs_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: Re: ppc/4060: vnconfig -l: ioctl VNDIOCGET gets EFAULT on copyoutstr(9)
From: Ted Unangst <tedu_(_at_)_zeitbombe_(_dot_)_org>
Date: Tue, 4 Jan 2005 23:35:03 -0700 (MST)
Cc:
Reply-to: Ted Unangst <tedu_(_at_)_zeitbombe_(_dot_)_org>

The following reply was made to PR ppc/4060; it has been noted by GNATS.

From: Ted Unangst <tedu_(_at_)_zeitbombe_(_dot_)_org>
To: Matthias Kilian <kili_(_at_)_outback_(_dot_)_escape_(_dot_)_de>
Cc: gnats_(_at_)_openbsd_(_dot_)_org, GNATS Filer <gnats_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>,
        bugs_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: Re: ppc/4060: vnconfig -l: ioctl VNDIOCGET gets EFAULT on copyoutstr(9)
Date: Wed, 5 Jan 2005 01:22:11 -0500 (EST)

 On Tue, 4 Jan 2005, Matthias Kilian wrote:
 
 > 	3. (after some hacking and debuggin):
 >         The ioctl VNDIOCGET in vnconfig.c, getinfo(), returns -1,
 >         with errno == EFAULT. Further debugging shows that this
 >         happens in /usr/src/sys/dev/vnd.c, line 924 (the call to
 >         copyoutstr(9) in the VNDIOCGET case).
 > 
 >         I looked at copyoutstr(9) in sys/powerpc/powerpc/pmap.c,
 >         but since I'm still too newbie on BSD, I gave up at this
 >         point.
 
 change copyoutstr to strlcpy.  vnu_file is a kernel address.
 
 > 	Please note that all this effects don't show on i386.
 
 that's probably a bug too.
 
 
 -- 
 we fear that pop-culture
 is the only kind of culture we're ever going to have

Prev by Date: Off by one buffer overflow in getcwd(3)
Next by Date: grep(1) doesn't mention -r
Previous by thread: Off by one buffer overflow in getcwd(3)
Next by thread: grep(1) doesn't mention -r
Index(es):
- Date
- Thread

Visit your host, monkey.org