Author: kib
Date: Tue Mar 27 18:05:51 2018
New Revision: 331640
URL: https://svnweb.freebsd.org/changeset/base/331640

Log:
  Fix several leaks of kernel stack data through paddings.
  
  It is a random collection of fixes for issues not yet corrected,
  reported at https://tsyrklevi.ch/clang_analyzer/freebsd_013017/. Many
  issues from that list were already corrected. Most of them are for
  compat32, old compat32 or affect both primary host ABI and compat32.
  
  The freebsd32_kldstat(), for instance, was already fixed by using
  malloc(M_ZERO).  Patch includes correction to report the supplied
  version back, which is just pedantic.
  
  Reviewed by:  brooks, emaste (previous version)
  Sponsored by: The FreeBSD Foundation
  MFC after:    1 week
  Differential revision:        https://reviews.freebsd.org/D14868

Modified:
  head/sys/compat/freebsd32/freebsd32_misc.c
  head/sys/dev/pci/pci_user.c
  head/sys/kern/kern_ntptime.c
  head/sys/kern/kern_sig.c
  head/sys/kern/sysv_shm.c

Modified: head/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- head/sys/compat/freebsd32/freebsd32_misc.c  Tue Mar 27 17:58:00 2018        
(r331639)
+++ head/sys/compat/freebsd32/freebsd32_misc.c  Tue Mar 27 18:05:51 2018        
(r331640)
@@ -3285,6 +3285,7 @@ freebsd32_kldstat(struct thread *td, struct freebsd32_
                CP(*stat, *stat32, size);
                bcopy(&stat->pathname[0], &stat32->pathname[0],
                    sizeof(stat->pathname));
+               stat32->version  = version;
                error = copyout(stat32, uap->stat, version);
        }
        free(stat, M_TEMP);
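Review bot: The length passed to `copyout(stat32, uap->stat, version)` is the caller-supplied `version`, and the check that bounds it against the size of `*stat32` is not visible in this hunk. That check is what keeps the copy from reading past the zeroed buffer, so it is worth confirming that it accepts only the known structure sizes. The added line also carries a doubled space; `stat32->version  = version;` should read `stat32->version = version;`. The body of freebsd32_kldstat() starts and ends outside the hunk.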

Modified: head/sys/dev/pci/pci_user.c
==============================================================================
--- head/sys/dev/pci/pci_user.c Tue Mar 27 17:58:00 2018        (r331639)
+++ head/sys/dev/pci/pci_user.c Tue Mar 27 18:05:51 2018        (r331640)
@@ -770,6 +770,8 @@ pci_ioctl(struct cdev *dev, u_long cmd, caddr_t data, 
 #ifdef PRE7_COMPAT
 #ifdef COMPAT_FREEBSD32
                                if (cmd == PCIOCGETCONF_OLD32) {
+                                       memset(&conf_old32, 0,
+                                           sizeof(conf_old32));
                                        conf_old32.pc_sel.pc_bus =
                                            dinfo->conf.pc_sel.pc_bus;
                                        conf_old32.pc_sel.pc_dev =
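Review bot: The added `memset(&conf_old32, 0, sizeof(conf_old32));` has no comment saying why it is there, and because the fields are assigned one by one right after it, a later cleanup could remove it as redundant. A one-line comment such as `/* Zero the whole struct so padding is not copied out to userland. */` above the call would record the intent. The same applies to the `memset(&conf_old, ...)` hunk below in this file, and to the memset calls added in kern_ntptime.c and sysv_shm.c. The enclosing block in pci_ioctl() starts and ends outside the hunk.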
@@ -803,6 +805,7 @@ pci_ioctl(struct cdev *dev, u_long cmd, caddr_t data, 
                                } else
 #endif /* COMPAT_FREEBSD32 */
                                if (cmd == PCIOCGETCONF_OLD) {
+                                       memset(&conf_old, 0, sizeof(conf_old));
                                        conf_old.pc_sel.pc_bus =
                                            dinfo->conf.pc_sel.pc_bus;
                                        conf_old.pc_sel.pc_dev =

Modified: head/sys/kern/kern_ntptime.c
==============================================================================
--- head/sys/kern/kern_ntptime.c        Tue Mar 27 17:58:00 2018        
(r331639)
+++ head/sys/kern/kern_ntptime.c        Tue Mar 27 18:05:51 2018        
(r331640)
@@ -285,6 +285,8 @@ sys_ntp_gettime(struct thread *td, struct ntp_gettime_
 {      
        struct ntptimeval ntv;
 
+       memset(&ntv, 0, sizeof(ntv));
+
        NTP_LOCK();
        ntp_gettime1(&ntv);
        NTP_UNLOCK();
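Review bot: The zeroing added at the top of sys_ntp_gettime() protects only this caller of `ntp_gettime1()`. Any other path that fills a `struct ntptimeval` on the stack through that helper and then hands the whole structure to userland would still expose the padding. Whether such a caller exists is not visible from this hunk, so it is worth checking. Clearing the structure inside the helper before it fills the fields would cover every caller at once. The rest of the function is outside the hunk.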

Modified: head/sys/kern/kern_sig.c
==============================================================================
--- head/sys/kern/kern_sig.c    Tue Mar 27 17:58:00 2018        (r331639)
+++ head/sys/kern/kern_sig.c    Tue Mar 27 18:05:51 2018        (r331640)
@@ -694,8 +694,8 @@ kern_sigaction(struct thread *td, int sig, const struc
        ps = p->p_sigacts;
        mtx_lock(&ps->ps_mtx);
        if (oact) {
+               memset(oact, 0, sizeof(*oact));
                oact->sa_mask = ps->ps_catchmask[_SIG_IDX(sig)];
-               oact->sa_flags = 0;
                if (SIGISMEMBER(ps->ps_sigonstack, sig))
                        oact->sa_flags |= SA_ONSTACK;
                if (!SIGISMEMBER(ps->ps_sigintr, sig))
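Review bot: With `oact->sa_flags = 0;` removed, the `oact->sa_flags |= ...` lines that follow now depend on the memset for their starting value, and nothing in the code says so. A comment above the call, for example `/* Clears padding and sa_flags; the |= lines below rely on this. */`, would stop a later edit from dropping or moving it. The memset also touches no state protected by `ps->ps_mtx`, so it could sit before `mtx_lock(&ps->ps_mtx)`. The body of kern_sigaction() continues outside the hunk.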

Modified: head/sys/kern/sysv_shm.c
==============================================================================
--- head/sys/kern/sysv_shm.c    Tue Mar 27 17:58:00 2018        (r331639)
+++ head/sys/kern/sysv_shm.c    Tue Mar 27 18:05:51 2018        (r331640)
@@ -1471,6 +1471,7 @@ freebsd7_freebsd32_shmctl(struct thread *td,
                break;
        case SHM_STAT:
        case IPC_STAT:
+               memset(&u32.shmid_ds32, 0, sizeof(u32.shmid_ds32));
                freebsd32_ipcperm_old_out(&u.shmid_ds.shm_perm,
                    &u32.shmid_ds32.shm_perm);
                if (u.shmid_ds.shm_segsz > INT32_MAX)
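Review bot: Only the `SHM_STAT`/`IPC_STAT` arm of this switch gets the new `memset(&u32.shmid_ds32, 0, sizeof(u32.shmid_ds32));`. The preceding case, of which only the `break;` is visible, is not zeroed here. If the other arms also fill a member of `u32` field by field before a copyout, they have the same padding exposure. That cannot be confirmed from the hunk, so the remaining cases of freebsd7_freebsd32_shmctl() should be checked. Zeroing the whole `u32` union once before the switch would cover them all. The switch starts and ends outside the hunk.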
@@ -1634,6 +1635,7 @@ freebsd7_shmctl(struct thread *td, struct freebsd7_shm
        /* Cases in which we need to copyout */
        switch (uap->cmd) {
        case IPC_STAT:
+               memset(&old, 0, sizeof(old));
                ipcperm_new2old(&buf.shm_perm, &old.shm_perm);
                if (buf.shm_segsz > INT_MAX)
                        old.shm_segsz = INT_MAX;