Date: Mon, 22 Jul 2019 18:14:34 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r350217 - stable/11/sys/compat/freebsd32 Message-ID: <201907221814.x6MIEYfD049964@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Mon Jul 22 18:14:34 2019 New Revision: 350217 URL: https://svnweb.freebsd.org/changeset/base/350217 Log: Avoid kernel memory disclosure in freebsd32_ioctl_pciocgetconf This has been addressed in HEAD with other compat32 changes, but was not yet addressed in stable/11. admbugs: 797 Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> Security: CVE-2019-5605 Sponsored by: The FreeBSD Foundation Modified: stable/11/sys/compat/freebsd32/freebsd32_ioctl.c Modified: stable/11/sys/compat/freebsd32/freebsd32_ioctl.c ============================================================================== --- stable/11/sys/compat/freebsd32/freebsd32_ioctl.c Mon Jul 22 18:11:35 2019 (r350216) +++ stable/11/sys/compat/freebsd32/freebsd32_ioctl.c Mon Jul 22 18:14:34 2019 (r350217) @@ -262,6 +262,8 @@ freebsd32_ioctl_pciocgetconf(struct thread *td, vm_offset_t addr; int error; + memset(&pmc, 0, sizeof(pmc)); + memset(&pc32, 0, sizeof(pc32)); if ((error = copyin(uap->data, &pci32, sizeof(pci32))) != 0) return (error);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907221814.x6MIEYfD049964>