path: root/lib/libssl/ssl_lib.c
author: bluhm <bluhm@openbsd.org> 2021-03-24 14:26:39 +0000
committer: bluhm <bluhm@openbsd.org> 2021-03-24 14:26:39 +0000
commit: fc24682d162d1168f8409889883aa738fd923555
tree: 79969bb5fa7623f7309543bfd6b3538e574fb9d7 /lib/libssl/ssl_lib.c
parent: Convert openssl(1) x509 option handling

The logic in mmrw() to check whether an address is within direct map was the wrong way around. The && prevented an EFAULT error and could pass userland addresses as kernel source to copyout(9). The kernel could crash with protection fault due to an invalid offset when reading /dev/kmem.

Also make the range checks stricter. Not only the start address must be valid, but also the end address must be within the region to be copied.

Note that sysctl kern.allowkmem=0 makes the bug unreachable by default.

OK deraadt@

Diffstat (limited to 'lib/libssl/ssl_lib.c')
0 files changed, 0 insertions, 0 deletions
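
The inverted range test described in the commit message, next to a start-only test and a strict start-and-end test, as an added C example that is not the OpenBSD code. The function names and the bounds `DMAP_BASE` and `DMAP_END` are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed bounds of a 1 GiB direct map; not OpenBSD's real values. */
#define DMAP_BASE 0xffff800000000000ULL
#define DMAP_END  0xffff800040000000ULL	/* one past the last mapped byte */

/*
 * Inverted test: no address is both below the base and at or above
 * the end, so EFAULT is never returned and every address is accepted.
 */
int check_inverted(uint64_t v, size_t len)
{
	(void)len;
	if (v < DMAP_BASE && v >= DMAP_END)
		return EFAULT;
	return 0;
}

/*
 * Start-only test: rejects a start address outside the map, but a copy
 * that begins near the end may still run past it.
 */
int check_start_only(uint64_t v, size_t len)
{
	(void)len;
	if (v < DMAP_BASE || v >= DMAP_END)
		return EFAULT;
	return 0;
}

/*
 * Strict test: both ends of [v, v + len) must lie inside the map.
 * Comparing len with the space left avoids overflow in v + len.
 */
int check_strict(uint64_t v, size_t len)
{
	if (v < DMAP_BASE || v >= DMAP_END)
		return EFAULT;
	if (len > DMAP_END - v)
		return EFAULT;
	return 0;
}
```
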