Makes it very easy to verify @s1guza/@NedWilliamson's points regarding @RazMashat/@userlandkernel's unexploitable bug. From https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_subr.c.html#mptcp_subflow_add … there are 3 uses. For the simple case, the sa_len is checked at https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_usrreq.c.html#325 … (mptcp_usr_connectx).
mptcp_subflow_connected_ev operates on the CONNECTED event, called at https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_subr.c.html#3219 … The mpts->mpts_dst, however, only has uses in two other functions: mptcp_subflow_add (the function in question) and https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_subr.c.html#mptcp_subflow_soconnectx … (which does check sa_len).
Finally mptcp_check_subflows_and_add, either passes a fixed length dst struct, or one from mpte->mpte_dst, which is set from https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_usrreq.c.html#353 …, which is our dear friend from before, mptcp_usr_connectx, which checks sa_len.
Unless there's a driver that happily passes sockaddrs from userland into mptcp straight through mptcp_connectx, rather than mptcp_usr_connectx, this is not an exploitable bug. It definitely doesn't require additional checks to be added, or a CVE to be assigned.
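The argument in the thread reduces to one invariant: the only path that writes a user-supplied destination into mpte_dst (mptcp_usr_connectx) validates sa_len against the family's fixed size, so downstream consumers such as mptcp_subflow_add can copy by sa_len without re-checking it. The C model below is an added example, not XNU code; the struct and function names are hypothetical stand-ins, and the BSD sockaddr sizes (16 for IPv4, 28 for IPv6) are assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* BSD-style sockaddr header: the length byte precedes the family byte.
 * 28 bytes total, enough to hold a BSD sockaddr_in6. (Hypothetical type.) */
struct bsd_sockaddr {
    uint8_t sa_len;
    uint8_t sa_family;
    uint8_t sa_data[26];
};

enum { FAM_INET = 2, FAM_INET6 = 30 };   /* BSD AF_INET / AF_INET6 values */
enum { LEN_INET = 16, LEN_INET6 = 28 };  /* sizeof(sockaddr_in / sockaddr_in6) on BSD */

/* Fixed-size destination slot, modelled after mpte->mpte_dst. */
struct mp_endpoint {
    struct bsd_sockaddr dst;
    bool dst_set;
};

/* Entry-point check (role of mptcp_usr_connectx): sa_len must equal the
 * family's fixed size, which also bounds it by sizeof(struct bsd_sockaddr). */
static bool dst_is_valid(const struct bsd_sockaddr *sa) {
    switch (sa->sa_family) {
    case FAM_INET:  return sa->sa_len == LEN_INET;
    case FAM_INET6: return sa->sa_len == LEN_INET6;
    default:        return false;
    }
}

/* The sole writer of the destination slot; 0 on success, -1 on reject. */
int connectx_set_dst(struct mp_endpoint *ep, const struct bsd_sockaddr *user_sa) {
    if (!dst_is_valid(user_sa)) return -1;
    memcpy(&ep->dst, user_sa, user_sa->sa_len);  /* bounded by the check above */
    ep->dst_set = true;
    return 0;
}

/* Downstream consumer (role of mptcp_subflow_add): copies by sa_len without
 * re-validating. Safe only because connectx_set_dst is the only writer. */
int subflow_copy_dst(const struct mp_endpoint *ep, struct bsd_sockaddr *out) {
    if (!ep->dst_set) return -1;
    memcpy(out, &ep->dst, ep->dst.sa_len);
    return (int)ep->dst.sa_len;
}

/* Scenario: an oversized sa_len is rejected at the entry point and never
 * reaches the subflow copy; a well-formed IPv4 destination round-trips. */
int check_invariant(void) {
    struct mp_endpoint ep = {0};
    struct bsd_sockaddr bad  = { .sa_len = 255,      .sa_family = FAM_INET };
    struct bsd_sockaddr good = { .sa_len = LEN_INET, .sa_family = FAM_INET };
    struct bsd_sockaddr out  = {0};
    if (connectx_set_dst(&ep, &bad) != -1 || ep.dst_set) return 0;
    if (connectx_set_dst(&ep, &good) != 0) return 0;
    return subflow_copy_dst(&ep, &out) == LEN_INET && out.sa_family == FAM_INET;
}
```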