Date: Mon, 21 Jan 2019 17:12:17 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r343263 - head/sys/compat/linux Message-ID: <201901211712.x0LHCHwl072652@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Mon Jan 21 17:12:16 2019 New Revision: 343263 URL: https://svnweb.freebsd.org/changeset/base/343263 Log: linuxulator: fix stack memory disclosure in linux_sigaltstack Most siginfo_to_lsiginfo callers already zeroed the l_siginfo_t before callit it, but linux_waitid did not. Instead of zeroing in the called function to address linux_waitid (as in commit 2e6ebe70), just do it in linux_waitid. admbugs: 765 Reported by: Vlad Tsyrklevich <vlad@tsyrklevich.net> Reviewed by: Andrew MFC after: 1 day Security: Kernel stack memory disclosure Sponsored by: The FreeBSD Foundation Modified: head/sys/compat/linux/linux_misc.c Modified: head/sys/compat/linux/linux_misc.c ============================================================================== --- head/sys/compat/linux/linux_misc.c Mon Jan 21 16:25:40 2019 (r343262) +++ head/sys/compat/linux/linux_misc.c Mon Jan 21 17:12:16 2019 (r343263) @@ -1089,9 +1089,8 @@ linux_waitid(struct thread *td, struct linux_waitid_ar } if (args->info != NULL) { p = td->td_proc; - if (td->td_retval[0] == 0) - bzero(&lsi, sizeof(lsi)); - else { + bzero(&lsi, sizeof(lsi)); + if (td->td_retval[0] != 0) { sig = bsd_to_linux_signal(siginfo.si_signo); siginfo_to_lsiginfo(&siginfo, &lsi, sig); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901211712.x0LHCHwl072652>