Date:      Tue, 27 Mar 2018 18:05:51 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r331640 - in head/sys: compat/freebsd32 dev/pci kern
Message-ID:  <201803271805.w2RI5pi6080649@repo.freebsd.org>

Author: kib
Date: Tue Mar 27 18:05:51 2018
New Revision: 331640
URL: https://svnweb.freebsd.org/changeset/base/331640

Log:
  Fix several leaks of kernel stack data through paddings.
  
  It is a random collection of fixes for issues not yet corrected,
  reported at https://tsyrklevi.ch/clang_analyzer/freebsd_013017/. Many
  issues from that list were already corrected. Most of them are for
  compat32, old compat32 or affect both primary host ABI and compat32.
  
  The freebsd32_kldstat(), for instance, was already fixed by using
  malloc(M_ZERO).  Patch includes correction to report the supplied
  version back, which is just pedantic.
  
  Reviewed by:	brooks, emaste (previous version)
  Sponsored by:	The FreeBSD Foundation
  MFC after:	1 week
  Differential revision:	https://reviews.freebsd.org/D14868

Modified:
  head/sys/compat/freebsd32/freebsd32_misc.c
  head/sys/dev/pci/pci_user.c
  head/sys/kern/kern_ntptime.c
  head/sys/kern/kern_sig.c
  head/sys/kern/sysv_shm.c

Modified: head/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- head/sys/compat/freebsd32/freebsd32_misc.c	Tue Mar 27 17:58:00 2018	(r331639)
+++ head/sys/compat/freebsd32/freebsd32_misc.c	Tue Mar 27 18:05:51 2018	(r331640)
@@ -3285,6 +3285,7 @@ freebsd32_kldstat(struct thread *td, struct freebsd32_
 		CP(*stat, *stat32, size);
 		bcopy(&stat->pathname[0], &stat32->pathname[0],
 		    sizeof(stat->pathname));
+		stat32->version  = version;
 		error = copyout(stat32, uap->stat, version);
 	}
 	free(stat, M_TEMP);
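Review bot: The added `stat32->version  = version;` has a doubled space before `=` and no comment saying that `version` is also the byte count passed to copyout() on the next line. I would write `stat32->version = version;` with a trailing `/* caller-supplied struct size, echoed back */`. Because that same value bounds the copy out of `stat32`, the check that it never exceeds the allocation should be confirmed where `version` is read, which is above this hunk. The body of freebsd32_kldstat starts and ends outside the hunk.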

Modified: head/sys/dev/pci/pci_user.c
==============================================================================
--- head/sys/dev/pci/pci_user.c	Tue Mar 27 17:58:00 2018	(r331639)
+++ head/sys/dev/pci/pci_user.c	Tue Mar 27 18:05:51 2018	(r331640)
@@ -770,6 +770,8 @@ pci_ioctl(struct cdev *dev, u_long cmd, caddr_t data, 
 #ifdef PRE7_COMPAT
 #ifdef COMPAT_FREEBSD32
 				if (cmd == PCIOCGETCONF_OLD32) {
+					memset(&conf_old32, 0,
+					    sizeof(conf_old32));
 					conf_old32.pc_sel.pc_bus =
 					    dinfo->conf.pc_sel.pc_bus;
 					conf_old32.pc_sel.pc_dev =
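Review bot: The added `memset(&conf_old32, 0, sizeof(conf_old32));` has no comment explaining why a structure that is then filled field by field is cleared first, so a later cleanup could drop it as redundant. A one-line comment above the call, such as `/* Zero padding and unset fields; the struct is copied out to userland. */`, would keep the intent visible. The same applies to the memset added for `conf_old` in the next hunk and to those for `u32.shmid_ds32` and `old` in sysv_shm.c. The copy to userland is outside these hunks, so the comment's wording should be checked against the actual export site.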
@@ -803,6 +805,7 @@ pci_ioctl(struct cdev *dev, u_long cmd, caddr_t data, 
 				} else
 #endif /* COMPAT_FREEBSD32 */
 				if (cmd == PCIOCGETCONF_OLD) {
+					memset(&conf_old, 0, sizeof(conf_old));
 					conf_old.pc_sel.pc_bus =
 					    dinfo->conf.pc_sel.pc_bus;
 					conf_old.pc_sel.pc_dev =

Modified: head/sys/kern/kern_ntptime.c
==============================================================================
--- head/sys/kern/kern_ntptime.c	Tue Mar 27 17:58:00 2018	(r331639)
+++ head/sys/kern/kern_ntptime.c	Tue Mar 27 18:05:51 2018	(r331640)
@@ -285,6 +285,8 @@ sys_ntp_gettime(struct thread *td, struct ntp_gettime_
 {	
 	struct ntptimeval ntv;
 
+	memset(&ntv, 0, sizeof(ntv));
+
 	NTP_LOCK();
 	ntp_gettime1(&ntv);
 	NTP_UNLOCK();
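Review bot: Clearing `ntv` here protects only sys_ntp_gettime. If ntp_gettime1() is also called from another path that exports the structure (not visible in this hunk), that path would still hand out uninitialised padding. Zeroing the structure at the top of ntp_gettime1() would cover every caller, or each remaining caller should be audited and given the same `memset(&ntv, 0, sizeof(ntv));`. The rest of sys_ntp_gettime, including the copyout, is outside the hunk.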

Modified: head/sys/kern/kern_sig.c
==============================================================================
--- head/sys/kern/kern_sig.c	Tue Mar 27 17:58:00 2018	(r331639)
+++ head/sys/kern/kern_sig.c	Tue Mar 27 18:05:51 2018	(r331640)
@@ -694,8 +694,8 @@ kern_sigaction(struct thread *td, int sig, const struc
 	ps = p->p_sigacts;
 	mtx_lock(&ps->ps_mtx);
 	if (oact) {
+		memset(oact, 0, sizeof(*oact));
 		oact->sa_mask = ps->ps_catchmask[_SIG_IDX(sig)];
-		oact->sa_flags = 0;
 		if (SIGISMEMBER(ps->ps_sigonstack, sig))
 			oact->sa_flags |= SA_ONSTACK;
 		if (!SIGISMEMBER(ps->ps_sigintr, sig))
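Review bot: With `oact->sa_flags = 0;` removed, the `oact->sa_flags |= SA_ONSTACK;` statements below depend on the new memset for their starting value, and nothing in the code says so. A comment on the memset, such as `/* Clears padding; also the zero start for the sa_flags |= below. */`, would guard against it being moved or dropped. The memset must also stay ahead of the `sa_mask` assignment, which the current order satisfies. kern_sigaction continues outside the hunk.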

Modified: head/sys/kern/sysv_shm.c
==============================================================================
--- head/sys/kern/sysv_shm.c	Tue Mar 27 17:58:00 2018	(r331639)
+++ head/sys/kern/sysv_shm.c	Tue Mar 27 18:05:51 2018	(r331640)
@@ -1471,6 +1471,7 @@ freebsd7_freebsd32_shmctl(struct thread *td,
 		break;
 	case SHM_STAT:
 	case IPC_STAT:
+		memset(&u32.shmid_ds32, 0, sizeof(u32.shmid_ds32));
 		freebsd32_ipcperm_old_out(&u.shmid_ds.shm_perm,
 		    &u32.shmid_ds32.shm_perm);
 		if (u.shmid_ds.shm_segsz > INT32_MAX)
@@ -1634,6 +1635,7 @@ freebsd7_shmctl(struct thread *td, struct freebsd7_shm
 	/* Cases in which we need to copyout */
 	switch (uap->cmd) {
 	case IPC_STAT:
+		memset(&old, 0, sizeof(old));
 		ipcperm_new2old(&buf.shm_perm, &old.shm_perm);
 		if (buf.shm_segsz > INT_MAX)
 			old.shm_segsz = INT_MAX;


