Clone
Lucas Holt
committed
on 17 Nov 20
| kern_jail: missing \0 termination check on osrelease parameter | | If a user spplies a non-\0 terminated osrelease parameter reading it … Show more
|  kern_jail: missing \0 termination check on osrelease parameter | |  If a user spplies a non-\0 terminated osrelease parameter reading it back |  may disclose kernel memory. |  This is a problem in case of nested jails (children.max > 0, which is not |  the default).  Otherwise root outside the jail has access to kernel memory |  by other means and root inside a jail cannot create a child jail. | |  Add the proper \0 check at the end of a supplied osrelease parameter and |  make sure any copies of the field will be \0-terminated.

Show less