Module Name: src Committed By: martin Date: Wed Nov 21 12:01:11 UTC 2018
Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1101): sys/net/rtsock.c: revision 1.244 Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd> To generate a diff of this commit: cvs rdiff -u -r1.213.2.10 -r1.213.2.11 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/rtsock.c diff -u src/sys/net/rtsock.c:1.213.2.10 src/sys/net/rtsock.c:1.213.2.11 --- src/sys/net/rtsock.c:1.213.2.10 Sat May 5 19:07:51 2018 +++ src/sys/net/rtsock.c Wed Nov 21 12:01:11 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: rtsock.c,v 1.213.2.10 2018/05/05 19:07:51 martin Exp $ */ +/* $NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.10 2018/05/05 19:07:51 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1294,7 +1294,7 @@ again: if (rw->w_tmemsize < len) { if (rw->w_tmem) kmem_free(rw->w_tmem, rw->w_tmemsize); - rw->w_tmem = kmem_alloc(len, KM_SLEEP); + rw->w_tmem = kmem_zalloc(len, KM_SLEEP); rw->w_tmemsize = len; } if (rw->w_tmem) { @@ -1863,7 +1863,7 @@ sysctl_rtable(SYSCTLFN_ARGS) again: /* we may return here if a later [re]alloc of the t_mem buffer fails */ if (w.w_tmemneeded) { - w.w_tmem = kmem_alloc(w.w_tmemneeded, KM_SLEEP); + w.w_tmem = kmem_zalloc(w.w_tmemneeded, KM_SLEEP); w.w_tmemsize = w.w_tmemneeded; w.w_tmemneeded = 0; }