| Summary: | sys/dev/ppbus/pcfclock.c lacks a proper buffer size check | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Sascha Schumann <sascha> |
| Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | sascha |
| Priority: | Normal | | |
| Version: | 4.0-CURRENT | | |
| Hardware: | Any | | |
| OS: | Any | | |

State Changed From-To: open->closed

Committed, thanks!

By passing a too small buffer into pcfclock_read(), an overrun can happen.

How-To-Repeat:

```c
int fd;
char buf[3];
fd = open("/dev/pcfclock0", O_RDONLY);
read(fd, buf, 3);
```
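
The kind of size check the summary says is missing, shown as an added user-space model; it is not the FreeBSD driver code or the committed fix. `struct xfer`, `model_read`, the 16-byte `RECORD_LEN` and the `ERANGE` return value are assumptions made for this illustration.

```c
/* Added example: user-space model of a fixed-record read handler. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define RECORD_LEN 16	/* assumed record size for this model, not the driver's */

/* Hypothetical stand-in for the kernel's struct uio: destination + space left. */
struct xfer {
	char	*dst;
	size_t	 resid;
};

/* Hardened handler: reject a request that cannot hold one full record. */
static int model_read(struct xfer *x)
{
	char rec[RECORD_LEN];

	if (x->resid < RECORD_LEN)
		return (ERANGE);	/* checked before the caller's buffer is touched */
	memset(rec, 'T', sizeof(rec));	/* constructed stand-in for the clock data */
	memcpy(x->dst, rec, sizeof(rec));
	x->dst += sizeof(rec);
	x->resid -= sizeof(rec);
	return (0);
}

/* The report's 3-byte read, with 8 guard bytes behind the buffer.
 * Returns the handler's error, or -1 if any byte was modified. */
static int short_read(void)
{
	char mem[3 + 8];
	struct xfer x = { mem, 3 };
	int error;

	memset(mem, 0xA5, sizeof(mem));
	error = model_read(&x);
	for (size_t i = 0; i < sizeof(mem); i++)
		if ((unsigned char)mem[i] != 0xA5)
			return (-1);
	return (error);
}

/* A buffer of exactly RECORD_LEN bytes: returns space left over, or -1 on error. */
static int full_read(void)
{
	char mem[RECORD_LEN];
	struct xfer x = { mem, sizeof(mem) };
	return (model_read(&x) == 0 ? (int)x.resid : -1);
}

int main(void) { return (short_read() == ERANGE && full_read() == 0 ? 0 : 1); }
```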