Module Name: src Committed By: martin Date: Wed Aug 3 10:55:45 UTC 2022
Modified Files: src/sys/dev/isa [netbsd-9]: mcd.c src/sys/dev/pci [netbsd-9]: if_iwi.c src/sys/dev/raidframe [netbsd-9]: rf_netbsdkintf.c src/sys/dev/scsipi [netbsd-9]: ses.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1485): sys/dev/pci/if_iwi.c: revision 1.117 sys/dev/raidframe/rf_netbsdkintf.c: revision 1.401 sys/dev/scsipi/ses.c: revision 1.52 sys/dev/isa/mcd.c: revision 1.121 sys/dev: Memset zero before copyout. Just in case of uninitialized padding which would lead to kernel stack disclosure. If the compiler can prove the memset redundant then it can optimize it away; otherwise better safe than sorry. I think the iwi(4), mcd(4), and ses(4) changes actually plug leaks; the raidframe(4) change probably doesn't (but doesn't hurt). To generate a diff of this commit: cvs rdiff -u -r1.118.4.1 -r1.118.4.2 src/sys/dev/isa/mcd.c cvs rdiff -u -r1.111 -r1.111.4.1 src/sys/dev/pci/if_iwi.c cvs rdiff -u -r1.376.4.1 -r1.376.4.2 src/sys/dev/raidframe/rf_netbsdkintf.c cvs rdiff -u -r1.51 -r1.51.4.1 src/sys/dev/scsipi/ses.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/isa/mcd.c
diff -u src/sys/dev/isa/mcd.c:1.118.4.1 src/sys/dev/isa/mcd.c:1.118.4.2
--- src/sys/dev/isa/mcd.c:1.118.4.1 Thu Nov 14 15:38:02 2019
+++ src/sys/dev/isa/mcd.c Wed Aug 3 10:55:45 2022
@@ -1,4 +1,4 @@ -/* $NetBSD: mcd.c,v 1.118.4.1 2019/11/14 15:38:02 martin Exp $ */ +/* $NetBSD: mcd.c,v 1.118.4.2 2022/08/03 10:55:45 martin Exp $ */ /* * Copyright (c) 1993, 1994, 1995 Charles M. Hannum. All rights reserved.
@@ -56,7 +56,7 @@ /*static char COPYRIGHT[] = "mcd-driver (C)1993 by H.Veit & B.Moore";*/ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.118.4.1 2019/11/14 15:38:02 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.118.4.2 2022/08/03 10:55:45 martin Exp $"); #include <sys/param.h> #include <sys/systm.h>
@@ -1601,6 +1601,7 @@ mcd_read_subchannel(struct mcd_softc *sc if ((error = mcd_getqchan(sc, &q, ch->data_format)) != 0) return error; + memset(info, 0, sizeof(*info)); info->header.audio_status = sc->audio_status; info->what.media_catalog.data_format = ch->data_format;
Index: src/sys/dev/pci/if_iwi.c
diff -u src/sys/dev/pci/if_iwi.c:1.111 src/sys/dev/pci/if_iwi.c:1.111.4.1
--- src/sys/dev/pci/if_iwi.c:1.111 Sun Feb 3 03:19:27 2019
+++ src/sys/dev/pci/if_iwi.c Wed Aug 3 10:55:44 2022
@@ -1,4 +1,4 @@ -/* $NetBSD: if_iwi.c,v 1.111 2019/02/03 03:19:27 mrg Exp $ */ +/* $NetBSD: if_iwi.c,v 1.111.4.1 2022/08/03 10:55:44 martin Exp $ */ /* $OpenBSD: if_iwi.c,v 1.111 2010/11/15 19:11:57 damien Exp $ */ /*-
@@ -19,7 +19,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.111 2019/02/03 03:19:27 mrg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.111.4.1 2022/08/03 10:55:44 martin Exp $"); /*- * Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
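Review bot: The new `memset(info, 0, sizeof(*info));` in mcd_read_subchannel (the `@@ -1601,6 +1601,7 @@` hunk) sits after the `return error;` taken when mcd_getqchan fails, so on that path `*info` still holds whatever the caller's buffer contained. That is safe only if every caller skips its copyout when this function returns non-zero, which cannot be confirmed here because the function and its callers start and end outside the hunk. Moving the line above the mcd_getqchan call would remove the dependency; otherwise a comment such as `/* zero padding and unused union members; callers copy *info out only on success */` would make the invariant explicit.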
@@ -1875,8 +1875,9 @@ iwi_get_table0(struct iwi_softc *sc, uin { uint32_t size, buf[128]; + memset(buf, 0, sizeof buf); + if (!(sc->flags & IWI_FLAG_FW_INITED)) { - memset(buf, 0, sizeof buf); return copyout(buf, tbl, sizeof buf); }
Index: src/sys/dev/raidframe/rf_netbsdkintf.c
diff -u src/sys/dev/raidframe/rf_netbsdkintf.c:1.376.4.1 src/sys/dev/raidframe/rf_netbsdkintf.c:1.376.4.2
--- src/sys/dev/raidframe/rf_netbsdkintf.c:1.376.4.1 Sat Mar 21 15:52:09 2020
+++ src/sys/dev/raidframe/rf_netbsdkintf.c Wed Aug 3 10:55:45 2022
@@ -1,4 +1,4 @@ -/* $NetBSD: rf_netbsdkintf.c,v 1.376.4.1 2020/03/21 15:52:09 martin Exp $ */ +/* $NetBSD: rf_netbsdkintf.c,v 1.376.4.2 2022/08/03 10:55:45 martin Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008-2011 The NetBSD Foundation, Inc.
@@ -101,7 +101,7 @@ ***********************************************************/ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.376.4.1 2020/03/21 15:52:09 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.376.4.2 2022/08/03 10:55:45 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_raid_autoconfig.h"
@@ -3748,6 +3748,8 @@ void rf_check_recon_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info) { + memset(info, 0, sizeof(*info)); + if (raidPtr->status != rf_rs_reconstructing) { info->total = 100; info->completed = 100;
@@ -3763,6 +3765,8 @@ void rf_check_parityrewrite_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info) { + memset(info, 0, sizeof(*info)); + if (raidPtr->parity_rewrite_in_progress == 1) { info->total = raidPtr->Layout.numStripe; info->completed = raidPtr->parity_rewrite_stripes_done;
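Review bot: Nothing at the hoisted `memset(buf, 0, sizeof buf);` in iwi_get_table0 records why it is now unconditional, so a later cleanup could push it back into the `!(sc->flags & IWI_FLAG_FW_INITED)` branch. The visible branch hands the whole 128-word array to copyout, and presumably the firmware-initialised path does the same after filling only part of it; that path is outside the hunk, so this is inferred. A comment such as `/* copyout() sends all of buf; zero it so words the device does not fill never expose stack contents */` would keep the reason next to the code.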
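Review bot: The same uncommented `memset(info, 0, sizeof(*info));` now opens rf_check_recon_status_ext, rf_check_parityrewrite_status_ext and rf_check_copyback_status_ext (this hunk and the two after it). The copy to userland happens in callers this diff does not show, so the protection depends on each callee remembering to clear the struct, and a fourth status helper could be added without it. Either zero the RF_ProgressInfo_t once where it is declared before these calls, or add a one-line comment in each function such as `/* caller copies *info out to userland; clear padding first */`. All three function bodies continue past their hunks.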
@@ -3778,6 +3782,8 @@ void rf_check_copyback_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info) { + memset(info, 0, sizeof(*info)); + if (raidPtr->copyback_in_progress == 1) { info->total = raidPtr->Layout.numStripe; info->completed = raidPtr->copyback_stripes_done;
Index: src/sys/dev/scsipi/ses.c
diff -u src/sys/dev/scsipi/ses.c:1.51 src/sys/dev/scsipi/ses.c:1.51.4.1
--- src/sys/dev/scsipi/ses.c:1.51 Fri Mar 8 08:35:58 2019
+++ src/sys/dev/scsipi/ses.c Wed Aug 3 10:55:45 2022
@@ -1,4 +1,4 @@ -/* $NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $ */ +/* $NetBSD: ses.c,v 1.51.4.1 2022/08/03 10:55:45 martin Exp $ */ /* * Copyright (C) 2000 National Aeronautics & Space Administration * All rights reserved.
@@ -26,7 +26,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.51.4.1 2022/08/03 10:55:45 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_scsi.h"
@@ -415,6 +415,7 @@ sesioctl(dev_t dev, u_long cmd, void *ar case SESIOC_GETOBJMAP: if (addr == NULL) return EINVAL; + memset(&obj, 0, sizeof(obj)); for (uobj = addr, i = 0; i != ssc->ses_nobjects; i++, uobj++) { obj.obj_id = i; obj.subencid = ssc->ses_objmap[i].subenclosure;
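Review bot: In the SESIOC_GETOBJMAP case of sesioctl, `memset(&obj, 0, sizeof(obj));` runs once before the `for` loop, so the padding stays zero only while the loop body keeps filling `obj` by individual member assignment, as the two visible lines do. A whole-struct assignment added later could reintroduce indeterminate padding, and a conditionally set member would carry the previous object's value into the next iteration. A comment such as `/* zeroed once: every member is overwritten per iteration, padding is never written */` would document that; the rest of the loop, presumably including the copy to `uobj`, is outside the hunk.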