ccd.c possible vuln?

ccd.c possible vuln?

ramrunner
Hi... yesterday I was looking in the source of /usr/src/sys/dev/ccd.c
ccd->ccd_ndev is used in malloc()s without checking if its value is 0
if that happens then malloc will allocate ffffff bytes.
I don't know if I am right, so if you think it matters I can provide
a patch. *but possibly I'm just wrong ;) *
thanks for reading
DsP

Re: ccd.c possible vuln?

Michael Shalayeff-2
On Thu, Jul 20, 2006 at 05:13:07PM +0300, ramrunner wrote:
> Hi... yesterday I was looking in the source of /usr/src/sys/dev/ccd.c
> ccd->ccd_ndev is used in malloc()s without checking if its value is 0
> if that happens then malloc will allocate ffffff bytes.
> I don't know if I am right, so if you think it matters I can provide
> a patch. *but possibly I'm just wrong ;) *
> thanks for reading

apparently yeah -- a couple of vars were not checked (:

cu
--
    paranoic mickey       (my employers have changed but, the name has remained)

Re: ccd.c possible vuln?

Otto Moerbeek
On Thu, 20 Jul 2006, ramrunner wrote:

> Hi... yesterday I was looking in the source of /usr/src/sys/dev/ccd.c
> ccd->ccd_ndev is used in malloc()s without checking if its value is 0
> if that happens then malloc will allocate ffffff bytes.
> I don't know if I am right, so if you think it matters I can provide
> a patch. *but possibly I'm just wrong ;) *
> thanks for reading
> DsP

Please be more explicit. Which call to malloc() are you talking about?

        -Otto
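
Added example, not part of the thread and not code from ccd.c: the kind of check the thread is about, where a caller-supplied device count is validated before it is used to size an allocation. The struct, the `ex_` function names and the `EX_MAX_NDEV` bound are hypothetical, and userland `calloc()` stands in for the kernel allocator so the block runs on its own.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical upper bound on component devices; not a value from ccd.c. */
#define EX_MAX_NDEV 256

/* Hypothetical per-component record standing in for the driver's own. */
struct ex_component {
	char	*path;
	size_t	 size;
};

/*
 * Validate a caller-supplied device count and compute the byte size of
 * an array of that many elements. Returns 0 and stores the size on
 * success, EINVAL for a zero or out-of-range count, EOVERFLOW if the
 * multiplication would wrap.
 */
int
ex_array_size(unsigned int ndev, size_t elem, size_t *out)
{
	if (ndev == 0 || ndev > EX_MAX_NDEV)
		return EINVAL;
	if (elem != 0 && (size_t)ndev > SIZE_MAX / elem)
		return EOVERFLOW;
	*out = (size_t)ndev * elem;
	return 0;
}

/* Allocate the component table only after the count has been checked. */
struct ex_component *
ex_alloc_components(unsigned int ndev, int *error)
{
	size_t bytes;
	struct ex_component *tbl;

	*error = ex_array_size(ndev, sizeof(*tbl), &bytes);
	if (*error != 0)
		return NULL;
	tbl = calloc(1, bytes);	/* zeroed, so unused slots read as NULL/0 */
	if (tbl == NULL)
		*error = ENOMEM;
	return tbl;
}
```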