Date: Sun, 21 Jul 2024 05:25:29 GMT From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 1eb62930e736 - stable/14 - kern: zero out stack buffer after copying out random bits Message-ID: <202407210525.46L5PT7O017538@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=1eb62930e73689ce8e9cc68cf6f5cdc337c56bf3 commit 1eb62930e73689ce8e9cc68cf6f5cdc337c56bf3 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2024-07-15 20:17:47 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2024-07-21 05:24:55 +0000 kern: zero out stack buffer after copying out random bits The kern.arandom sysctl handler uses an intermediate buffer on the stack to hold random data that it subsequently copies out to the sysctl request. Err on the side of caution and zero out the stack buffer after we're done with it to avoid a potential entropy leak later on. Reviewed by: cem, emaste, markj (cherry picked from commit 5862c891bb7c588aa00538d85eb26ffe77d3f709) --- sys/kern/kern_mib.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 7d2a9e7f8474..8ce09a47ef58 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -182,10 +182,14 @@ sysctl_kern_arnd(SYSCTL_HANDLER_ARGS) { char buf[256]; size_t len; + int error; len = MIN(req->oldlen, sizeof(buf)); read_random(buf, len); - return (SYSCTL_OUT(req, buf, len)); + + error = SYSCTL_OUT(req, buf, len); + explicit_bzero(buf, len); + return (error); } SYSCTL_PROC(_kern, KERN_ARND, arandom,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202407210525.46L5PT7O017538>