Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 4 Apr 2018 14:09:45 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r332031 - stable/11/sys/compat/linux
Message-ID:  <201804041409.w34E9jZw026090@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: emaste
Date: Wed Apr  4 14:09:44 2018
New Revision: 332031
URL: https://svnweb.freebsd.org/changeset/base/332031

Log:
  MFC r330356 (eadler): sys/linux: Fix a few potential infoleaks in Linux IPC
  
  admbugs:	765, 812, 813, 814
  Submitted by:	Domagoj Stolfa <domagoj.stolfa@gmail.com>
  Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
  Reported by:	Vlad Tsyrklevich

Modified:
  stable/11/sys/compat/linux/linux_ipc.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/compat/linux/linux_ipc.c
==============================================================================
--- stable/11/sys/compat/linux/linux_ipc.c	Wed Apr  4 14:01:10 2018	(r332030)
+++ stable/11/sys/compat/linux/linux_ipc.c	Wed Apr  4 14:09:44 2018	(r332031)
@@ -548,6 +548,9 @@ linux_semctl(struct thread *td, struct linux_semctl_ar
 	register_t rval;
 	int cmd, error;
 
+	memset(&linux_seminfo, 0, sizeof(linux_seminfo));
+	memset(&linux_semid64, 0, sizeof(linux_semid64));
+
 	switch (args->cmd & ~LINUX_IPC_64) {
 	case LINUX_IPC_RMID:
 		cmd = IPC_RMID;
@@ -702,12 +705,15 @@ linux_msgctl(struct thread *td, struct linux_msgctl_ar
 	struct l_msqid64_ds linux_msqid64;
 	struct msqid_ds bsd_msqid;
 
+	memset(&linux_msqid64, 0, sizeof(linux_msqid64));
+
 	bsd_cmd = args->cmd & ~LINUX_IPC_64;
 	switch (bsd_cmd) {
 	case LINUX_IPC_INFO:
 	case LINUX_MSG_INFO: {
 		struct l_msginfo linux_msginfo;
 
+		memset(&linux_msginfo, 0, sizeof(linux_msginfo));
 		/*
 		 * XXX MSG_INFO uses the same data structure but returns different
 		 * dynamic counters in msgpool, msgmap, and msgtql fields.
@@ -832,6 +838,10 @@ linux_shmctl(struct thread *td, struct linux_shmctl_ar
 	struct l_shm_info linux_shm_info;
 	struct shmid_ds bsd_shmid;
 	int error;
+
+	memset(&linux_shm_info, 0, sizeof(linux_shm_info));
+	memset(&linux_shmid64, 0, sizeof(linux_shmid64));
+	memset(&linux_shminfo64, 0, sizeof(linux_shminfo64));
 
 	switch (args->cmd & ~LINUX_IPC_64) {
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804041409.w34E9jZw026090>