Quantcast

errata 005 for OpenBSD 4.2: local users can provoke a kernel panic

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

errata 005 for OpenBSD 4.2: local users can provoke a kernel panic

Henning Brauer-2
Summary:
   Improper checks in an ioctl can lead to a kernel panic.

Details:
    recently added calls to rtlabel_id2name() for "ifconfig rtlabel"
    did not properly check the return value before using it.
    rtlabel_id2name can return NULL if there is no label assigned
    or the ID is invalid.

Impact:
    local users can cause a kernel panic by using the SIOCGIFRTLABEL
    ioctl on interfaces with no route label assigned.
    ifconfig does not use that ioctl.

Workaround:
    none

Fix:
    A fix has been committed to OpenBSD-current and the OpenBSD 4.2-stable
    branch.
    A patch for OpenBSD 4.2 will appear at the URL below shortly.

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/005_ifrtlabel.patch

    Older OpenBSD versions are not affected.

Credits:
    The bug was found by Chris Cappuccio who also provided an initial
    fix.  The final fix was done by Henning Brauer.

attachment0 (194 bytes) Download Attachment
Loading...