Le 27/06/2020 à 17:50, Christos Zoulas a écrit :
Please revert all of this change. First, there was a clear vulnerability in this change, which I fixed in: https://mail-index.netbsd.org/source-changes/2020/06/27/msg118731.html Then, as I said in the change, there are additional problems: 137 static __inline int 138 statvfs_to_statfs12_copy(const void *vs, void *vs12, size_t l) 139 { 140 struct statfs12 *s12 = STATVFSBUF_GET(); 141 int error; 142 143 statvfs_to_statfs12(vs, s12); 144 error = copyout(s12, vs12, l); 145 STATVFSBUF_PUT(s12); 146 147 return error; 148 } STATVFSBUF_GET() allocates struct statvfs, but here we're using struct statfs12. How can this be expected to be correct?It is larger than needed, so it works.
Why insist on using the wrong structure, when you could just as easily use the correct structure? I don't get the point. Maxime
