Module Name: src Committed By: riastradh Date: Thu Mar 30 15:58:21 UTC 2023
Modified Files: src/sys/kern: uipc_domain.c Log Message: sockaddr_alloc(9): Avoid uninitialized buffer in sockaddr_checklen. Manifests only under DIAGNOSTIC because the DIAGNOSTIC check itself uses an uninitialized buffer. Reported-by: syzbot+54b120643dfd6edc2...@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=afb5b6e5da6e806aeb7fddcf1d03c3262f6fc765 To generate a diff of this commit: cvs rdiff -u -r1.108 -r1.109 src/sys/kern/uipc_domain.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/uipc_domain.c
diff -u src/sys/kern/uipc_domain.c:1.108 src/sys/kern/uipc_domain.c:1.109
--- src/sys/kern/uipc_domain.c:1.108 Fri Nov 6 14:50:13 2020
+++ src/sys/kern/uipc_domain.c Thu Mar 30 15:58:21 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_domain.c,v 1.108 2020/11/06 14:50:13 christos Exp $ */
+/* $NetBSD: uipc_domain.c,v 1.109 2023/03/30 15:58:21 riastradh Exp $ */
 /*
 * Copyright (c) 1982, 1986, 1993
@@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.108 2020/11/06 14:50:13 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.109 2023/03/30 15:58:21 riastradh Exp $");
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -324,6 +324,15 @@ sockaddr_alloc(sa_family_t af, socklen_t
 struct sockaddr *sa;
 socklen_t reallen = MAX(socklen, offsetof(struct sockaddr, sa_data[0]));
+#ifdef DIAGNOSTIC
+ /*
+ * sockaddr_checklen passes sa to sockaddr_format which
+ * requires it to be fully initialized.
+ *
+ * XXX This should be factored better.
+ */
+ flags |= M_ZERO;
+#endif
 if ((sa = malloc(reallen, M_SOCKADDR, flags)) == NULL)
 return NULL;
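Review bot: In the third hunk (`@@ -324,6 +324,15 @@`), `flags |= M_ZERO;` is applied only under `#ifdef DIAGNOSTIC`, so DIAGNOSTIC and non-DIAGNOSTIC kernels now hand callers differently initialized memory from `sockaddr_alloc`. A DIAGNOSTIC build, which is where sanitizer and fuzzing runs usually happen, will now mask any caller that reads or copies out sockaddr bytes it never filled in, while a non-DIAGNOSTIC kernel still returns uninitialized heap contents in the tail of the buffer. Whether any caller actually exposes those bytes is not visible from this hunk, but since sockaddrs are small, zeroing unconditionally is cheap hardening against kernel memory disclosure: drop the `#ifdef DIAGNOSTIC` / `#endif` pair and keep `flags |= M_ZERO;`, with the comment reworded to say the buffer is always zeroed. Alternatively, keep the allocation as it was and make the diagnostic check in `sockaddr_checklen` format only the initialized prefix, which is what the `XXX` comment seems to point at. The body of `sockaddr_alloc` starts and continues outside the hunk.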