svn commit: r332031 - stable/11/sys/compat/linux

Wed, 04 Apr 2018 07:11:06 -0700 

Author: emaste
Date: Wed Apr  4 14:09:44 2018
New Revision: 332031
URL: https://svnweb.freebsd.org/changeset/base/332031

Log:
  MFC r330356 (eadler): sys/linux: Fix a few potential infoleaks in Linux IPC
  
  admbugs:      765, 812, 813, 814
  Submitted by: Domagoj Stolfa <domagoj.sto...@gmail.com>
  Reported by:  Ilja Van Sprundel <ivansprun...@ioactive.com>
  Reported by:  Vlad Tsyrklevich

Modified:
  stable/11/sys/compat/linux/linux_ipc.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/compat/linux/linux_ipc.c
==============================================================================
--- stable/11/sys/compat/linux/linux_ipc.c      Wed Apr  4 14:01:10 2018        
(r332030)
+++ stable/11/sys/compat/linux/linux_ipc.c      Wed Apr  4 14:09:44 2018        
(r332031)
@@ -548,6 +548,9 @@ linux_semctl(struct thread *td, struct linux_semctl_ar
        register_t rval;
        int cmd, error;
 
+       memset(&linux_seminfo, 0, sizeof(linux_seminfo));
+       memset(&linux_semid64, 0, sizeof(linux_semid64));
+
        switch (args->cmd & ~LINUX_IPC_64) {
        case LINUX_IPC_RMID:
                cmd = IPC_RMID;
@@ -702,12 +705,15 @@ linux_msgctl(struct thread *td, struct linux_msgctl_ar
        struct l_msqid64_ds linux_msqid64;
        struct msqid_ds bsd_msqid;
 
+       memset(&linux_msqid64, 0, sizeof(linux_msqid64));
+
        bsd_cmd = args->cmd & ~LINUX_IPC_64;
        switch (bsd_cmd) {
        case LINUX_IPC_INFO:
        case LINUX_MSG_INFO: {
                struct l_msginfo linux_msginfo;
 
+               memset(&linux_msginfo, 0, sizeof(linux_msginfo));
                /*
                 * XXX MSG_INFO uses the same data structure but returns 
different
                 * dynamic counters in msgpool, msgmap, and msgtql fields.
@@ -832,6 +838,10 @@ linux_shmctl(struct thread *td, struct linux_shmctl_ar
        struct l_shm_info linux_shm_info;
        struct shmid_ds bsd_shmid;
        int error;
+
+       memset(&linux_shm_info, 0, sizeof(linux_shm_info));
+       memset(&linux_shmid64, 0, sizeof(linux_shmid64));
+       memset(&linux_shminfo64, 0, sizeof(linux_shminfo64));
 
        switch (args->cmd & ~LINUX_IPC_64) {
 
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to