Date:      Tue, 3 Apr 2018 09:40:53 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r331922 - in stable/11/sys: compat/freebsd32 dev/pci kern
Message-ID:  <201804030940.w339ernj067739@repo.freebsd.org>

Author: kib
Date: Tue Apr  3 09:40:52 2018
New Revision: 331922
URL: https://svnweb.freebsd.org/changeset/base/331922

Log:
  MFC r331640:
  Fix several leaks of kernel stack data through paddings.

Modified:
  stable/11/sys/compat/freebsd32/freebsd32_misc.c
  stable/11/sys/dev/pci/pci_user.c
  stable/11/sys/kern/kern_ntptime.c
  stable/11/sys/kern/kern_sig.c
  stable/11/sys/kern/sysv_shm.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- stable/11/sys/compat/freebsd32/freebsd32_misc.c	Tue Apr  3 09:38:53 2018	(r331921)
+++ stable/11/sys/compat/freebsd32/freebsd32_misc.c	Tue Apr  3 09:40:52 2018	(r331922)
@@ -2989,6 +2989,7 @@ freebsd32_kldstat(struct thread *td, struct freebsd32_
 		CP(*stat, *stat32, size);
 		bcopy(&stat->pathname[0], &stat32->pathname[0],
 		    sizeof(stat->pathname));
+		stat32->version  = version;
 		error = copyout(stat32, uap->stat, version);
 	}
 	free(stat, M_TEMP);
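Review bot: The `copyout(stat32, uap->stat, version)` just below the added line exports the first `version` bytes of `stat32`, so every byte in that range must be initialised, and this hunk only fills the `version` member. The allocation of `stat` and `stat32` is outside the hunk. If they are not zero-filled there, padding in `stat32` and any unused tail of `pathname` (copied in full by the `bcopy`) could still carry stale kernel memory, so that is worth confirming. A comment such as `/* stat32 is copied out for 'version' bytes; it must be fully initialised */` above the copyout would record the invariant. The added line also has a doubled space and should read `stat32->version = version;`.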

Modified: stable/11/sys/dev/pci/pci_user.c
==============================================================================
--- stable/11/sys/dev/pci/pci_user.c	Tue Apr  3 09:38:53 2018	(r331921)
+++ stable/11/sys/dev/pci/pci_user.c	Tue Apr  3 09:40:52 2018	(r331922)
@@ -766,6 +766,8 @@ pci_ioctl(struct cdev *dev, u_long cmd, caddr_t data, 
 #ifdef PRE7_COMPAT
 #ifdef COMPAT_FREEBSD32
 				if (cmd == PCIOCGETCONF_OLD32) {
+					memset(&conf_old32, 0,
+					    sizeof(conf_old32));
 					conf_old32.pc_sel.pc_bus =
 					    dinfo->conf.pc_sel.pc_bus;
 					conf_old32.pc_sel.pc_dev =
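Review bot: The added `memset(&conf_old32, 0, sizeof(conf_old32));` has no comment explaining that it clears compiler padding before the struct goes to userland, and it looks redundant to a reader who sees the members assigned one by one right after it. A one-line comment above it, e.g. `/* Zero padding: the whole struct is copied out to userland. */`, would keep a later cleanup from removing it. The same applies to the `conf_old` memset in the next pci_ioctl hunk and to the `ntv` memset in sys_ntp_gettime. The copyout calls themselves are outside these hunks.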
@@ -799,6 +801,7 @@ pci_ioctl(struct cdev *dev, u_long cmd, caddr_t data, 
 				} else
 #endif /* COMPAT_FREEBSD32 */
 				if (cmd == PCIOCGETCONF_OLD) {
+					memset(&conf_old, 0, sizeof(conf_old));
 					conf_old.pc_sel.pc_bus =
 					    dinfo->conf.pc_sel.pc_bus;
 					conf_old.pc_sel.pc_dev =

Modified: stable/11/sys/kern/kern_ntptime.c
==============================================================================
--- stable/11/sys/kern/kern_ntptime.c	Tue Apr  3 09:38:53 2018	(r331921)
+++ stable/11/sys/kern/kern_ntptime.c	Tue Apr  3 09:40:52 2018	(r331922)
@@ -285,6 +285,8 @@ sys_ntp_gettime(struct thread *td, struct ntp_gettime_
 {	
 	struct ntptimeval ntv;
 
+	memset(&ntv, 0, sizeof(ntv));
+
 	NTP_LOCK();
 	ntp_gettime1(&ntv);
 	NTP_UNLOCK();

Modified: stable/11/sys/kern/kern_sig.c
==============================================================================
--- stable/11/sys/kern/kern_sig.c	Tue Apr  3 09:38:53 2018	(r331921)
+++ stable/11/sys/kern/kern_sig.c	Tue Apr  3 09:40:52 2018	(r331922)
@@ -692,8 +692,8 @@ kern_sigaction(struct thread *td, int sig, const struc
 	ps = p->p_sigacts;
 	mtx_lock(&ps->ps_mtx);
 	if (oact) {
+		memset(oact, 0, sizeof(*oact));
 		oact->sa_mask = ps->ps_catchmask[_SIG_IDX(sig)];
-		oact->sa_flags = 0;
 		if (SIGISMEMBER(ps->ps_sigonstack, sig))
 			oact->sa_flags |= SA_ONSTACK;
 		if (!SIGISMEMBER(ps->ps_sigintr, sig))
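Review bot: With the explicit `oact->sa_flags = 0;` removed, the `oact->sa_flags |= ...` lines that follow now depend on the new `memset(oact, 0, sizeof(*oact));` for their starting value, and nothing in the code says so. A comment above the memset, e.g. `/* Clears padding and initialises sa_flags for the |= below. */`, would make that dependency explicit. It would also stop someone from replacing the memset with per-field assignments and bringing the padding leak back. The rest of kern_sigaction, including where `oact` reaches the caller, is outside the hunk.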

Modified: stable/11/sys/kern/sysv_shm.c
==============================================================================
--- stable/11/sys/kern/sysv_shm.c	Tue Apr  3 09:38:53 2018	(r331921)
+++ stable/11/sys/kern/sysv_shm.c	Tue Apr  3 09:40:52 2018	(r331922)
@@ -1447,6 +1447,7 @@ freebsd7_freebsd32_shmctl(struct thread *td,
 		break;
 	case SHM_STAT:
 	case IPC_STAT:
+		memset(&u32.shmid_ds32, 0, sizeof(u32.shmid_ds32));
 		freebsd32_ipcperm_old_out(&u.shmid_ds.shm_perm,
 		    &u32.shmid_ds32.shm_perm);
 		if (u.shmid_ds.shm_segsz > INT32_MAX)
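Review bot: The added memset zeroes only `u32.shmid_ds32`, and only in the `SHM_STAT`/`IPC_STAT` arm. The switch has at least one earlier arm (it ends at the `break` at the top of the hunk) that is not visible here. If that arm fills another member of `u32` for copyout, it should be checked for the same padding exposure. The same question applies to freebsd7_shmctl in the next hunk, where `memset(&old, 0, sizeof(old));` is added under `IPC_STAT` alone. The copyout calls and their length arguments are outside both hunks, so it is also worth confirming that they export exactly the zeroed object and not the enclosing union.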
@@ -1610,6 +1611,7 @@ freebsd7_shmctl(struct thread *td, struct freebsd7_shm
 	/* Cases in which we need to copyout */
 	switch (uap->cmd) {
 	case IPC_STAT:
+		memset(&old, 0, sizeof(old));
 		ipcperm_new2old(&buf.shm_perm, &old.shm_perm);
 		if (buf.shm_segsz > INT_MAX)
 			old.shm_segsz = INT_MAX;


