Le 27/06/2020 à 17:50, Christos Zoulas a écrit :
Please revert all of this change.
First, there was a clear vulnerability in this change, which I fixed in:
Then, as I said in the change, there are additional problems:
137 static __inline int
138 statvfs_to_statfs12_copy(const void *vs, void *vs12, size_t l)
140 struct statfs12 *s12 = STATVFSBUF_GET();
141 int error;
143 statvfs_to_statfs12(vs, s12);
144 error = copyout(s12, vs12, l);
147 return error;
STATVFSBUF_GET() allocates struct statvfs, but here we're using struct
statfs12. How can this be expected to be correct?
It is larger than needed, so it works.
Why insist on using the wrong structure, when you could just as easily use
the correct structure? I don't get the point.