K 10
svn:author
V 5
markj
K 8
svn:date
V 27
2019-01-05T15:28:20.788223Z
K 7
svn:log
V 467
Add a bounds check to the tws(4) passthrough ioctl handler.

tws_passthru() was doing a copyin of a user-specified request
without validating its length, so a malicious request could overrun
the buffer.  By default, the tws(4) device file is only accessible
as root.

admbug:		825
Reported by:	Anonymous of the Shellphish Grill Team
Reviewed by:	delphij
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18536

END