Module Name:    src
Committed By:   riastradh
Date:           Thu Mar 30 15:58:21 UTC 2023

Modified Files:
        src/sys/kern: uipc_domain.c

Log Message:
sockaddr_alloc(9): Avoid uninitialized buffer in sockaddr_checklen.

Manifests only under DIAGNOSTIC because the DIAGNOSTIC check itself
uses an uninitialized buffer.

Reported-by: syzbot+54b120643dfd6edc2...@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=afb5b6e5da6e806aeb7fddcf1d03c3262f6fc765


To generate a diff of this commit:
cvs rdiff -u -r1.108 -r1.109 src/sys/kern/uipc_domain.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_domain.c
diff -u src/sys/kern/uipc_domain.c:1.108 src/sys/kern/uipc_domain.c:1.109
--- src/sys/kern/uipc_domain.c:1.108	Fri Nov  6 14:50:13 2020
+++ src/sys/kern/uipc_domain.c	Thu Mar 30 15:58:21 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_domain.c,v 1.108 2020/11/06 14:50:13 christos Exp $	*/
+/*	$NetBSD: uipc_domain.c,v 1.109 2023/03/30 15:58:21 riastradh Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1993
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.108 2020/11/06 14:50:13 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.109 2023/03/30 15:58:21 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -324,6 +324,15 @@ sockaddr_alloc(sa_family_t af, socklen_t
 	struct sockaddr *sa;
 	socklen_t reallen = MAX(socklen, offsetof(struct sockaddr, sa_data[0]));
 
+#ifdef DIAGNOSTIC
+	/*
+	 * sockaddr_checklen passes sa to sockaddr_format which
+	 * requires it to be fully initialized.
+	 *
+	 * XXX This should be factored better.
+	 */
+	flags |= M_ZERO;
+#endif
 	if ((sa = malloc(reallen, M_SOCKADDR, flags)) == NULL)
 		return NULL;
 
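Review bot: In the `#ifdef DIAGNOSTIC` block ahead of the `malloc(reallen, M_SOCKADDR, flags)` call, `flags |= M_ZERO` makes the contents of the returned sockaddr depend on the kernel configuration: DIAGNOSTIC kernels hand back zeroed memory, while non-DIAGNOSTIC kernels still return whatever the allocator left there. A caller that reads bytes it never set would then behave differently across the two builds, and the DIAGNOSTIC build, which is the one most likely to be run under a fuzzer or sanitizer, would hide that read. Consider setting M_ZERO unconditionally, since the allocation is only `reallen` bytes, or, per the XXX comment, restructuring so that the check does not hand a not-yet-filled buffer to sockaddr_format. If the conditional stays, the comment should say that non-DIAGNOSTIC callers must not rely on zeroed contents.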