On 27/06/2020 at 17:50, Christos Zoulas wrote:

Please revert all of this change.

First, there was a clear vulnerability in this change, which I fixed in:

        https://mail-index.netbsd.org/source-changes/2020/06/27/msg118731.html

Then, as I said in the change, there are additional problems:

static __inline int
statvfs_to_statfs12_copy(const void *vs, void *vs12, size_t l)
{
    struct statfs12 *s12 = STATVFSBUF_GET();
    int error;

    statvfs_to_statfs12(vs, s12);
    error = copyout(s12, vs12, l);
    STATVFSBUF_PUT(s12);

    return error;
}

STATVFSBUF_GET() allocates struct statvfs, but here we're using struct
statfs12. How can this be expected to be correct?

It is larger than needed, so it works.

Why insist on using the wrong structure, when you could just as easily use
the correct structure? I don't get the point.

Maxime
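
Added example, not part of this thread or of the NetBSD source: a userland C model of the convert-then-copy pattern discussed above, with the temporary buffer allocated and length-checked against the structure that is actually copied out. The struct layouts, model_copyout() and convert_and_copy() are hypothetical stand-ins, and the length check is an assumption of this sketch.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, not the NetBSD definitions. */
struct big_stat   { long f_blocks; long f_bfree; char f_name[64]; char f_spare[128]; };
struct small_stat { long f_blocks; long f_bfree; char f_name[32]; };

/* If a big_stat-sized buffer is ever reused for a small_stat, check the fit at build time. */
_Static_assert(sizeof(struct small_stat) <= sizeof(struct big_stat),
    "small_stat must fit in a big_stat buffer");

/* Userland model of copyout(): kernel source first, user destination second. */
static int model_copyout(const void *ksrc, void *udst, size_t len)
{
    memcpy(udst, ksrc, len);
    return 0;
}

static void big_to_small(const struct big_stat *b, struct small_stat *s)
{
    memset(s, 0, sizeof(*s));            /* no stale bytes reach the caller */
    s->f_blocks = b->f_blocks;
    s->f_bfree = b->f_bfree;
    memcpy(s->f_name, b->f_name, sizeof(s->f_name) - 1);  /* stays NUL-terminated */
}

/* Temporary is allocated and bounded by the type that is actually copied out. */
static int convert_and_copy(const struct big_stat *b, void *udst, size_t l)
{
    struct small_stat *s;
    int error;
    if (l > sizeof(*s))
        return EINVAL;                   /* never copy past the converted object */
    if ((s = malloc(sizeof(*s))) == NULL)
        return ENOMEM;
    big_to_small(b, s);
    error = model_copyout(s, udst, l);
    free(s);
    return error;
}

int main(void)
{
    struct big_stat b = { .f_blocks = 100, .f_bfree = 40, .f_name = "ffs" };
    struct small_stat out;
    return convert_and_copy(&b, &out, sizeof(out));
}
```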
