diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2006-12-06 09:15:40 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2006-12-06 09:15:40 +0000 |
commit | bd60f04dc1039aa42e27603c869b0248b4848a0b (patch) | |
tree | 9583b9a2e33a7593cd6cb1b7f8cd413e7ac53fd7 | |
parent | cb71836b2a458823180689add0328222c561b199 (diff) | |
download | src-bd60f04dc1039aa42e27603c869b0248b4848a0b.tar.gz src-bd60f04dc1039aa42e27603c869b0248b4848a0b.zip |
Correct a signedness bug which allowed members of the operator
group to read kernel memory.
Security: FreeBSD-SA-06:25.kmem
Approved by: so (cperciva)
Notes
Notes:
svn path=/releng/6.0/; revision=164942
-rw-r--r-- | UPDATING | 4 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/dev/firewire/fwdev.c | 2 |
3 files changed, 6 insertions, 2 deletions
@@ -8,6 +8,10 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20061206: p16 FreeBSD-SA-06:25.kmem + Correct a signedness bug which allowed members of the operator + group to read kernel memory. + 20060930: p15 FreeBSD-SA-06:22.openssh Correct multiple vulnerabilities in sshd(8). diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 067b1c530029..049498f97c6c 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.0" -BRANCH="RELEASE-p15" +BRANCH="RELEASE-p16" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi diff --git a/sys/dev/firewire/fwdev.c b/sys/dev/firewire/fwdev.c index e42c30a78c97..5b461906f432 100644 --- a/sys/dev/firewire/fwdev.c +++ b/sys/dev/firewire/fwdev.c @@ -712,7 +712,7 @@ out: else len = fwdev->rommax - CSRROMOFF + 4; } - if (crom_buf->len < len) + if (crom_buf->len < len && crom_buf->len >= 0) len = crom_buf->len; else crom_buf->len = len; |