From nobody Wed Apr 8 15:31:02 2026 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4frRqJ4pgbz6YJXW for ; Wed, 08 Apr 2026 15:31:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4frRqJ2PLgz42fZ for ; Wed, 08 Apr 2026 15:31:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775662268; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=F6B/UHUkJ4ppuolfvBx3wg/nCwmzYkvK8wI0ap3LCeE=; b=IkwU3KznG65Hr/d7sFFH0NXJnAHx+rFBvFGYB3opB4ozVij9rERDJUSuHWVS5KTJLU5ExF cJFINj/FIuuX2eRb+KLzpzPS03k7Ot1n1wAC8vqVon2cMuy1KF7MkIW16HsneefSngpleP NMOhOTdutVDO1tzrkWVmL1aRX1UlD8MycULEhjIW2nSSCgR/x41sImFVWJ+bAmXJ1wJQkL 6Snt690f06BmW2gwX6rmedTiHYLYx2+etGfVZx148iOdKKXxHEJRNTiigdgFidA8qVzpFY iS1QUxVLJasl1cC/KnTz+4lqRd59nwf/j0pqPlmwtx2ZfYAfsd29hy9XOzqXcg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775662268; a=rsa-sha256; cv=none; b=xv7Kt2HCEU7KNzyvVwj9cqwJgwL3IFNUmn5ScqqslE2ZOZTck31X1BG9OQDXnZ03pIkP9V B9AWgn+fe3u9y2G50JefVbF7YKZxfo51P4Lyd4Uw7fGuAckR7dOQUBXGMmdlTVKmEelhJx mvJKdXKlQqc4Hu9bHiCKgGEHvgevUwdfu8+I2gfoOgbyVRNk2PT3wodugil1m9zuUpADk6 mPe2fx98fKG8ExVUDfNU9u+5yiDD4nGUfhF9mtIuom9KdMWk5cwTzGMnTmkDJlGkm2D3bS XVyndCjsqperZRtoEpVOeaLvqKfea6ugTGaLc8S0H2YSYNzB3iE7rUjsQYplYA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775662268; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=F6B/UHUkJ4ppuolfvBx3wg/nCwmzYkvK8wI0ap3LCeE=; b=uQDU35TbD97DOuWrXCDWcTWOJchI4jkHNbPD1kHSTflYrB7ncfvehtNv8pPeTehE+bQhRy pXP0EN+PDMJMlUfrZDrpAYzFcmQToVlt+6yrjgIhQaVGHTaYWMlFvo+NCDI0EXw3+uemDe doRopJWjcbkMQPz9I8HR5bSj3LCt2iiiPaS/9iZfmNwSaJRfTDzQiDf5fc6lF3TO7jzlxR GaDqz+U9Rbrr4ZnvU/9WF3x69Vm4Vq+6GnaU3ZE78eTznG83ZIqXUCiwNFL0/9jEGOYRXK qMTegYmUMVBKpgRO3MBgF9t+fWlvJJ4JATi8UR92jz+UT2E99vVqL8EdVAnQ4Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4frRqJ1YhWzYrW for ; Wed, 08 Apr 2026 15:31:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 4497f by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 08 Apr 2026 15:31:02 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Cc: Shunchao Hu From: ShengYi Hung Subject: git: 16aa49f6d1bb - main - compat/linprocfs: Fix auxv sbuf leak List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: aokblast X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 16aa49f6d1bbe70cd3e851139eb63d566de49b12 Auto-Submitted: auto-generated Date: Wed, 08 Apr 2026 15:31:02 +0000 Message-Id: <69d674b6.4497f.344f0ea2@gitrepo.freebsd.org> The branch main has been updated by aokblast: URL: https://cgit.FreeBSD.org/src/commit/?id=16aa49f6d1bbe70cd3e851139eb63d566de49b12 commit 16aa49f6d1bbe70cd3e851139eb63d566de49b12 Author: Shunchao Hu AuthorDate: 2026-04-04 10:27:53 +0000 Commit: ShengYi Hung CommitDate: 2026-04-08 15:30:23 +0000 compat/linprocfs: Fix auxv sbuf leak linprocfs_doauxv() allocates an automatic sbuf before validating whether the requested read can be satisfied. When the computed auxv read length exceeds IOSIZE_MAX, or when the buffer length is too big, the function returns early without releasing the sbuf. Route these early exits through a shared cleanup path so the sbuf is always deleted after sbuf_new_auto() succeeds. Signed-off-by: Shunchao Hu Reviewed by: des, spmzt, zlei, aokblast MFC after: 2 weeks Pull Request: https://github.com/freebsd/freebsd-src/pull/2118 --- sys/compat/linprocfs/linprocfs.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c index 7ac48786c77b..941b76788dc1 100644 --- a/sys/compat/linprocfs/linprocfs.c +++ b/sys/compat/linprocfs/linprocfs.c @@ -2026,23 +2026,26 @@ linprocfs_doauxv(PFS_FILL_ARGS) if (asb == NULL) return (ENOMEM); error = proc_getauxv(td, p, asb); - if (error == 0) - error = sbuf_finish(asb); + if (error != 0) + goto out; + error = sbuf_finish(asb); + if (error != 0) + goto out; resid = sbuf_len(asb) - uio->uio_offset; if (resid > uio->uio_resid) buflen = uio->uio_resid; else buflen = resid; - if (buflen > IOSIZE_MAX) - return (EINVAL); + if (buflen > IOSIZE_MAX) { + error = EINVAL; + goto out; + } if (buflen > maxphys) buflen = maxphys; - if (resid <= 0) - return (0); - - if (error == 0) + if (resid > 0) error = uiomove(sbuf_data(asb) + uio->uio_offset, buflen, uio); +out: sbuf_delete(asb); return (error); }