Bug #2101

bpf_filter() can leak kernel stack contents

Added by guy about 3 years ago. Updated almost 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

http://seclists.org/fulldisclosure/2010/Nov/89

That's Linux's BPF interpreter, but the same problem exists with the *BSD BPF interpreter:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/bpf_filter.c.diff?r1=1.21;r2=1.22

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/bpf_filter.c?rev=1.22;content-type=text%2Fx-cvsweb-markup

Dan's program doesn't directly map to *BSD, but something could probably be cooked up.

OpenBSD's fix clears it up.

History

#1 Updated by vsrinivas almost 3 years ago

Closed by 2d4fcd80be0766d5eff1593ac3e64d84a2929a4b.

Also available in: Atom PDF