CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/27 23:33:20
Modified files:
sbin/iked : proc.c
usr.sbin/httpd : proc.c
usr.sbin/relayd: proc.c
usr.sbin/snmpd : proc.c
Log message:
restrict IMSG_CTL_PROCFD to parent and check process id/instance
IMSG_CTL_PROCFD messages contain a destination process id and instance
number that were used to index internal arrays before being checked.
A child sending bad imsgs could cause out-of-bounds reads or
writes.
Check for a missing fd, a bad process id, or an out-of-range instance
before any array is indexed. Also reject IMSG_CTL_PROCFD that does not
come from the parent.
from Andrew Griffiths, diff by martijn@ and myself, ok martijn@