Date: Wed, 24 Jul 2019 12:54:10 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r350283 - in releng: 11.2/sys/compat/freebsd32 11.3/sys/compat/freebsd32 Message-ID: <201907241254.x6OCsABl076296@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon Date: Wed Jul 24 12:54:10 2019 New Revision: 350283 URL: https://svnweb.freebsd.org/changeset/base/350283 Log: Fix kernel memory disclosure in freebsd32_ioctl. Approved by: so Security: FreeBSD-SA-19:14.freebsd32 Security: CVE-2019-5605 Modified: releng/11.2/sys/compat/freebsd32/freebsd32_ioctl.c releng/11.3/sys/compat/freebsd32/freebsd32_ioctl.c Modified: releng/11.2/sys/compat/freebsd32/freebsd32_ioctl.c ============================================================================== --- releng/11.2/sys/compat/freebsd32/freebsd32_ioctl.c Wed Jul 24 12:53:06 2019 (r350282) +++ releng/11.2/sys/compat/freebsd32/freebsd32_ioctl.c Wed Jul 24 12:54:10 2019 (r350283) @@ -262,6 +262,8 @@ freebsd32_ioctl_pciocgetconf(struct thread *td, vm_offset_t addr; int error; + memset(&pmc, 0, sizeof(pmc)); + memset(&pc32, 0, sizeof(pc32)); if ((error = copyin(uap->data, &pci32, sizeof(pci32))) != 0) return (error); Modified: releng/11.3/sys/compat/freebsd32/freebsd32_ioctl.c ============================================================================== --- releng/11.3/sys/compat/freebsd32/freebsd32_ioctl.c Wed Jul 24 12:53:06 2019 (r350282) +++ releng/11.3/sys/compat/freebsd32/freebsd32_ioctl.c Wed Jul 24 12:54:10 2019 (r350283) @@ -262,6 +262,8 @@ freebsd32_ioctl_pciocgetconf(struct thread *td, vm_offset_t addr; int error; + memset(&pmc, 0, sizeof(pmc)); + memset(&pc32, 0, sizeof(pc32)); if ((error = copyin(uap->data, &pci32, sizeof(pci32))) != 0) return (error);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907241254.x6OCsABl076296>