Module Name: src
Committed By: maxv
Date: Tue Jul 9 17:06:46 UTC 2019
Modified Files:
src/sys/dev/dkwedge: dkwedge_apple.c dkwedge_bsdlabel.c dkwedge_gpt.c
dkwedge_mbr.c dkwedge_rdb.c
Log Message:
Fix info leak: always clear 'dkw', because some of its (otherwise
uninitialized) fields can be copied to userland, typically in the
DIOCGWEDGEINFO ioctl.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sys/dev/dkwedge/dkwedge_apple.c \
src/sys/dev/dkwedge/dkwedge_rdb.c
cvs rdiff -u -r1.23 -r1.24 src/sys/dev/dkwedge/dkwedge_bsdlabel.c \
src/sys/dev/dkwedge/dkwedge_gpt.c
cvs rdiff -u -r1.10 -r1.11 src/sys/dev/dkwedge/dkwedge_mbr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/dkwedge/dkwedge_apple.c
diff -u src/sys/dev/dkwedge/dkwedge_apple.c:1.4 src/sys/dev/dkwedge/dkwedge_apple.c:1.5
--- src/sys/dev/dkwedge/dkwedge_apple.c:1.4 Sat Jul 6 05:41:23 2019
+++ src/sys/dev/dkwedge/dkwedge_apple.c Tue Jul 9 17:06:46 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: dkwedge_apple.c,v 1.4 2019/07/06 05:41:23 maxv Exp $ */
+/* $NetBSD: dkwedge_apple.c,v 1.5 2019/07/09 17:06:46 maxv Exp $ */
/*-
* Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_apple.c,v 1.4 2019/07/06 05:41:23 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_apple.c,v 1.5 2019/07/09 17:06:46 maxv Exp $");
#include <sys/param.h>
#ifdef _KERNEL
@@ -225,6 +225,7 @@ dkwedge_discover_apple(struct disk *pdk,
}
struct dkwedge_info dkw;
+ memset(&dkw, 0, sizeof(dkw));
strlcpy(dkw.dkw_ptype, ptype, sizeof(dkw.dkw_ptype));
strlcpy(dkw.dkw_parent, pdk->dk_name, sizeof(dkw.dkw_parent));
Index: src/sys/dev/dkwedge/dkwedge_rdb.c
diff -u src/sys/dev/dkwedge/dkwedge_rdb.c:1.4 src/sys/dev/dkwedge/dkwedge_rdb.c:1.5
--- src/sys/dev/dkwedge/dkwedge_rdb.c:1.4 Tue Feb 28 04:47:41 2017
+++ src/sys/dev/dkwedge/dkwedge_rdb.c Tue Jul 9 17:06:46 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: dkwedge_rdb.c,v 1.4 2017/02/28 04:47:41 rin Exp $ */
+/* $NetBSD: dkwedge_rdb.c,v 1.5 2019/07/09 17:06:46 maxv Exp $ */
/*
* Adapted from arch/amiga/amiga/disksubr.c:
@@ -68,7 +68,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_rdb.c,v 1.4 2017/02/28 04:47:41 rin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_rdb.c,v 1.5 2019/07/09 17:06:46 maxv Exp $");
#include <sys/param.h>
#include <sys/disklabel_rdb.h>
@@ -165,6 +165,8 @@ dkwedge_discover_rdb(struct disk *pdk, s
bp = DKW_REALLOC(bp, bufsize);
}
+ memset(&dkw, 0, sizeof(dkw));
+
strlcpy(dkw.dkw_parent, pdk->dk_name, sizeof(dkw.dkw_parent));
found = root = swap = false;
Index: src/sys/dev/dkwedge/dkwedge_bsdlabel.c
diff -u src/sys/dev/dkwedge/dkwedge_bsdlabel.c:1.23 src/sys/dev/dkwedge/dkwedge_bsdlabel.c:1.24
--- src/sys/dev/dkwedge/dkwedge_bsdlabel.c:1.23 Tue Nov 4 07:45:45 2014
+++ src/sys/dev/dkwedge/dkwedge_bsdlabel.c Tue Jul 9 17:06:46 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: dkwedge_bsdlabel.c,v 1.23 2014/11/04 07:45:45 mlelstv Exp $ */
+/* $NetBSD: dkwedge_bsdlabel.c,v 1.24 2019/07/09 17:06:46 maxv Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -79,7 +79,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_bsdlabel.c,v 1.23 2014/11/04 07:45:45 mlelstv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_bsdlabel.c,v 1.24 2019/07/09 17:06:46 maxv Exp $");
#include <sys/param.h>
#ifdef _KERNEL
@@ -227,6 +227,9 @@ addwedges(const mbr_args_t *a, const str
if (p->p_fstype == FS_UNUSED)
continue;
+
+ memset(&dkw, 0, sizeof(dkw));
+
ptype = bsdlabel_fstype_to_str(p->p_fstype);
if (ptype == NULL)
snprintf(dkw.dkw_ptype, sizeof(dkw.dkw_ptype),
Index: src/sys/dev/dkwedge/dkwedge_gpt.c
diff -u src/sys/dev/dkwedge/dkwedge_gpt.c:1.23 src/sys/dev/dkwedge/dkwedge_gpt.c:1.24
--- src/sys/dev/dkwedge/dkwedge_gpt.c:1.23 Sat Jun 22 06:45:46 2019
+++ src/sys/dev/dkwedge/dkwedge_gpt.c Tue Jul 9 17:06:46 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: dkwedge_gpt.c,v 1.23 2019/06/22 06:45:46 maxv Exp $ */
+/* $NetBSD: dkwedge_gpt.c,v 1.24 2019/07/09 17:06:46 maxv Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_gpt.c,v 1.23 2019/06/22 06:45:46 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_gpt.c,v 1.24 2019/07/09 17:06:46 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -242,6 +242,8 @@ dkwedge_discover_gpt(struct disk *pdk, s
uuid_snprintf(ent_guid_str, sizeof(ent_guid_str),
&ent_guid);
+ memset(&dkw, 0, sizeof(dkw));
+
/* figure out the type */
ptype = gpt_ptype_guid_to_str(&ptype_guid);
strlcpy(dkw.dkw_ptype, ptype, sizeof(dkw.dkw_ptype));
Index: src/sys/dev/dkwedge/dkwedge_mbr.c
diff -u src/sys/dev/dkwedge/dkwedge_mbr.c:1.10 src/sys/dev/dkwedge/dkwedge_mbr.c:1.11
--- src/sys/dev/dkwedge/dkwedge_mbr.c:1.10 Thu Jan 19 00:44:40 2017
+++ src/sys/dev/dkwedge/dkwedge_mbr.c Tue Jul 9 17:06:46 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: dkwedge_mbr.c,v 1.10 2017/01/19 00:44:40 maya Exp $ */
+/* $NetBSD: dkwedge_mbr.c,v 1.11 2019/07/09 17:06:46 maxv Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_mbr.c,v 1.10 2017/01/19 00:44:40 maya Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_mbr.c,v 1.11 2019/07/09 17:06:46 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -114,6 +114,8 @@ getparts(mbr_args_t *a, uint32_t off, ui
break;
}
+ memset(&dkw, 0, sizeof(dkw));
+
if ((ptype = mbr_ptype_to_str(dp[i].mbrp_type)) == NULL) {
/*
* XXX Should probably just add these...
