CVS commit: src/sys/net

Maxime Villard Wed, 10 Jul 2019 10:55:53 -0700

Module Name:    src
Committed By:   maxv
Date:           Wed Jul 10 17:55:33 UTC 2019


Modified Files:
        src/sys/net: bpf.c

Log Message:
Fix info leak: use kmem_zalloc, because we align the buffers, and the
otherwise uninitialized padding bytes get copied to userland in bpf_read().


To generate a diff of this commit:
cvs rdiff -u -r1.228 -r1.229 src/sys/net/bpf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/bpf.c
diff -u src/sys/net/bpf.c:1.228 src/sys/net/bpf.c:1.229
--- src/sys/net/bpf.c:1.228	Mon Sep  3 16:29:35 2018
+++ src/sys/net/bpf.c	Wed Jul 10 17:55:33 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bpf.c,v 1.228 2018/09/03 16:29:35 riastradh Exp $	*/
+/*	$NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $	*/
 
 /*
  * Copyright (c) 1990, 1991, 1993
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.228 2018/09/03 16:29:35 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_bpf.h"
@@ -1987,10 +1987,10 @@ static int
 bpf_allocbufs(struct bpf_d *d)
 {
 
-	d->bd_fbuf = kmem_alloc(d->bd_bufsize, KM_NOSLEEP);
+	d->bd_fbuf = kmem_zalloc(d->bd_bufsize, KM_NOSLEEP);
 	if (!d->bd_fbuf)
 		return (ENOBUFS);
-	d->bd_sbuf = kmem_alloc(d->bd_bufsize, KM_NOSLEEP);
+	d->bd_sbuf = kmem_zalloc(d->bd_bufsize, KM_NOSLEEP);
 	if (!d->bd_sbuf) {
 		kmem_free(d->bd_fbuf, d->bd_bufsize);
 		return (ENOBUFS);

CVS commit: src/sys/net

Reply via email to