The branch main has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=cfa2c78aee859bfc6549951bb6a36085fdd374e8

commit cfa2c78aee859bfc6549951bb6a36085fdd374e8
Author:     Mark Johnston <ma...@freebsd.org>
AuthorDate: 2024-01-23 16:40:40 +0000
Commit:     Mark Johnston <ma...@freebsd.org>
CommitDate: 2024-01-23 16:40:40 +0000

    bhyve: Avoid underflows when handling remote commands
    
    Reviewed by:    corvink, jhb
    MFC after:      1 week
    Sponsored by:   Innovate UK
    Differential Revision:  https://reviews.freebsd.org/D43480
---
 usr.sbin/bhyve/gdb.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/bhyve/gdb.c b/usr.sbin/bhyve/gdb.c
index 2d49469c2e11..f1aabbde43fd 100644
--- a/usr.sbin/bhyve/gdb.c
+++ b/usr.sbin/bhyve/gdb.c
@@ -1052,6 +1052,8 @@ gdb_read_mem(const uint8_t *data, size_t len)
        bool started;
        int error;
 
+       assert(len >= 1);
+
        /* Skip 'm' */
        data += 1;
        len -= 1;
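Review bot: The added `assert(len >= 1);` in gdb_read_mem is the only thing that stops `len -= 1` from wrapping the `size_t`, and it disappears in a build with NDEBUG defined. When the assertion is enabled, a violation aborts the whole bhyve process instead of answering the debugger with an error. If the caller already guarantees a non-empty packet (handle_command appears to dispatch on the first byte, but that is outside this hunk), a comment such as `/* handle_command() has already inspected data[0], so len >= 1 */` would record why the assertion holds. If that is not guaranteed for data from the remote debugger, a runtime check in the style of the other hunks, `if (len < 1) { send_error(EINVAL); return; }`, would be safer. The same applies to the identical assertion in gdb_write_mem in the next hunk; both function bodies continue outside the hunks shown.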
@@ -1163,6 +1165,8 @@ gdb_write_mem(const uint8_t *data, size_t len)
        size_t resid, todo, bytes;
        int error;
 
+       assert(len >= 1);
+
        /* Skip 'M' */
        data += 1;
        len -= 1;
@@ -1557,7 +1561,7 @@ gdb_query(const uint8_t *data, size_t len)
 
                data += strlen("qThreadExtraInfo");
                len -= strlen("qThreadExtraInfo");
-               if (*data != ',') {
+               if (len == 0 || *data != ',') {
                        send_error(EINVAL);
                        return;
                }
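Review bot: The new `len == 0` test runs after `len -= strlen("qThreadExtraInfo")`, so it only helps if a prefix match earlier in gdb_query already guarantees that `len` is at least that long. Otherwise the `size_t` subtraction wraps before the check is reached. That earlier guard is not visible in this hunk, so a short comment such as `/* prefix match above guarantees len >= strlen("qThreadExtraInfo") */` would make the dependency explicit for later edits. The enclosing branch starts and ends outside the hunk.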
@@ -1608,7 +1612,7 @@ handle_command(const uint8_t *data, size_t len)
        case 'H': {
                int tid;
 
-               if (data[1] != 'g' && data[1] != 'c') {
+               if (len < 2 || (data[1] != 'g' && data[1] != 'c')) {
                        send_error(EINVAL);
                        break;
                }
