Module Name: src
Committed By: maxv
Date: Thu Dec 27 09:57:16 UTC 2018
Modified Files:
src/sys/compat/netbsd32: netbsd32_compat_14.c netbsd32_conv.h
src/sys/compat/sys: msg.h
Log Message:
Fix kernel info leaks.
+ Possible info leak: [len=80, leaked=10]
| #0 0xffffffff80bad7a7 in kleak_copyout
| #1 0xffffffff8048e71b in netbsd32___msgctl50
| #2 0xffffffff8022fb5b in netbsd32_syscall
| #3 0xffffffff802096dd in handle_syscall
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/sys/compat/netbsd32/netbsd32_compat_14.c
cvs rdiff -u -r1.36 -r1.37 src/sys/compat/netbsd32/netbsd32_conv.h
cvs rdiff -u -r1.4 -r1.5 src/sys/compat/sys/msg.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/netbsd32/netbsd32_compat_14.c
diff -u src/sys/compat/netbsd32/netbsd32_compat_14.c:1.26 src/sys/compat/netbsd32/netbsd32_compat_14.c:1.27
--- src/sys/compat/netbsd32/netbsd32_compat_14.c:1.26 Thu Jan 7 21:58:28 2016
+++ src/sys/compat/netbsd32/netbsd32_compat_14.c Thu Dec 27 09:57:16 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_compat_14.c,v 1.26 2016/01/07 21:58:28 joerg Exp $ */
+/* $NetBSD: netbsd32_compat_14.c,v 1.27 2018/12/27 09:57:16 maxv Exp $ */
/*
* Copyright (c) 1999 Eduardo E. Horvath
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.26 2016/01/07 21:58:28 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.27 2018/12/27 09:57:16 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_sysv.h"
@@ -107,6 +107,7 @@ static inline void
native_to_netbsd32_msqid_ds14(struct msqid_ds *msqbuf, struct netbsd32_msqid_ds14 *omsqbuf)
{
+ memset(omsqbuf, 0, sizeof(*omsqbuf));
native_to_netbsd32_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
#define CVT(x) omsqbuf->x = msqbuf->x
Index: src/sys/compat/netbsd32/netbsd32_conv.h
diff -u src/sys/compat/netbsd32/netbsd32_conv.h:1.36 src/sys/compat/netbsd32/netbsd32_conv.h:1.37
--- src/sys/compat/netbsd32/netbsd32_conv.h:1.36 Sun Nov 25 17:58:29 2018
+++ src/sys/compat/netbsd32/netbsd32_conv.h Thu Dec 27 09:57:16 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_conv.h,v 1.36 2018/11/25 17:58:29 mlelstv Exp $ */
+/* $NetBSD: netbsd32_conv.h,v 1.37 2018/12/27 09:57:16 maxv Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -555,6 +555,7 @@ netbsd32_from_msqid_ds50(const struct ms
struct netbsd32_msqid_ds50 *ds32p)
{
+ memset(ds32p, 0, sizeof(*ds32p));
netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
@@ -571,6 +572,7 @@ netbsd32_from_msqid_ds(const struct msqi
struct netbsd32_msqid_ds *ds32p)
{
+ memset(ds32p, 0, sizeof(*ds32p));
netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
Index: src/sys/compat/sys/msg.h
diff -u src/sys/compat/sys/msg.h:1.4 src/sys/compat/sys/msg.h:1.5
--- src/sys/compat/sys/msg.h:1.4 Mon Jan 19 19:39:41 2009
+++ src/sys/compat/sys/msg.h Thu Dec 27 09:57:16 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: msg.h,v 1.4 2009/01/19 19:39:41 christos Exp $ */
+/* $NetBSD: msg.h,v 1.5 2018/12/27 09:57:16 maxv Exp $ */
/*
* SVID compatible msg.h file
@@ -108,6 +108,7 @@ static __inline void
__native_to_msqid_ds13(const struct msqid_ds *msqbuf, struct msqid_ds13 *omsqbuf)
{
+ memset(omsqbuf, 0, sizeof(*omsqbuf));
omsqbuf->msg_perm = msqbuf->msg_perm;
#define CVT(x) omsqbuf->x = msqbuf->x
@@ -149,6 +150,7 @@ static __inline void
__native_to_msqid_ds14(const struct msqid_ds *msqbuf, struct msqid_ds14 *omsqbuf)
{
+ memset(omsqbuf, 0, sizeof(*omsqbuf));
__native_to_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
#define CVT(x) omsqbuf->x = msqbuf->x
