On 27/06/2020 at 17:50, Christos Zoulas wrote:

Please revert all of this change.

First, there was a clear vulnerability in this change, which I fixed in:


Then, as I said in the change, there are additional problems:

static __inline int
statvfs_to_statfs12_copy(const void *vs, void *vs12, size_t l)
{
    struct statfs12 *s12 = STATVFSBUF_GET();
    int error;

    statvfs_to_statfs12(vs, s12);
    error = copyout(s12, vs12, l);
    STATVFSBUF_PUT(s12);

    return error;
}

STATVFSBUF_GET() allocates struct statvfs, but here we're using struct
statfs12. How can this be expected to be correct?

It is larger than needed, so it works.

Why insist on using the wrong structure, when you could just as easily use
the correct structure? I don't get the point.
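
The point under discussion, as an added user-space example that is not part of the original message and is not NetBSD code: the structures `new_stat` and `old_stat`, the helper names, and the `EINVAL` length check are all assumptions, and `memcpy` stands in for `copyout()`. It shows the size assumption made explicit at compile time, next to a helper that allocates the type it actually uses.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, NOT the real NetBSD layouts. */
struct new_stat { uint64_t blocks; uint64_t bfree; char name[64]; }; /* role of struct statvfs  */
struct old_stat { uint32_t blocks; uint32_t bfree; char name[32]; }; /* role of struct statfs12 */

/*
 * If a pool of new_stat-sized buffers is reused for old_stat, the
 * "larger than needed" assumption should at least be checked by the
 * compiler, so a later layout change breaks the build instead of
 * silently overrunning the buffer.
 */
_Static_assert(sizeof(struct new_stat) >= sizeof(struct old_stat),
    "pool buffer too small to hold struct old_stat");

/* Convert field by field; zero first so padding and unused tail bytes
 * never carry stale heap contents to the caller. */
static void
new_to_old(const struct new_stat *n, struct old_stat *o)
{
    memset(o, 0, sizeof(*o));
    o->blocks = (uint32_t)n->blocks;
    o->bfree = (uint32_t)n->bfree;
    strncpy(o->name, n->name, sizeof(o->name) - 1);
}

/* Type-matched variant: allocate the structure that is actually used
 * and refuse to copy out more bytes than that structure holds. */
int
new_to_old_copy(const struct new_stat *n, void *dst, size_t l)
{
    struct old_stat *o;

    if (l > sizeof(*o))
        return EINVAL;          /* assumed policy: reject oversized requests */
    if ((o = malloc(sizeof(*o))) == NULL)
        return ENOMEM;
    new_to_old(n, o);
    memcpy(dst, o, l);          /* stands in for copyout() */
    free(o);
    return 0;
}
```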

