CVS commit: [netbsd-8] src/sys/net

Wed, 21 Nov 2018 04:02:32 -0800 

Module Name:    src
Committed By:   martin
Date:           Wed Nov 21 12:01:11 UTC 2018

Modified Files:
        src/sys/net [netbsd-8]: rtsock.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1101):

        sys/net/rtsock.c: revision 1.244

Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr.
[  944.607323] kleak: Possible leak in copyout: [len=176, leaked=2]
[  944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd>
[  944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd>
[  944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd>
[  944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd>
[  944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd>
[  944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd>
[  944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd>
[  944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd>
[  944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd>
[  944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>


To generate a diff of this commit:
cvs rdiff -u -r1.213.2.10 -r1.213.2.11 src/sys/net/rtsock.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/net/rtsock.c
diff -u src/sys/net/rtsock.c:1.213.2.10 src/sys/net/rtsock.c:1.213.2.11
--- src/sys/net/rtsock.c:1.213.2.10	Sat May  5 19:07:51 2018
+++ src/sys/net/rtsock.c	Wed Nov 21 12:01:11 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: rtsock.c,v 1.213.2.10 2018/05/05 19:07:51 martin Exp $	*/
+/*	$NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.10 2018/05/05 19:07:51 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1294,7 +1294,7 @@ again:
 			if (rw->w_tmemsize < len) {
 				if (rw->w_tmem)
 					kmem_free(rw->w_tmem, rw->w_tmemsize);
-				rw->w_tmem = kmem_alloc(len, KM_SLEEP);
+				rw->w_tmem = kmem_zalloc(len, KM_SLEEP);
 				rw->w_tmemsize = len;
 			}
 			if (rw->w_tmem) {
@@ -1863,7 +1863,7 @@ sysctl_rtable(SYSCTLFN_ARGS)
 again:
 	/* we may return here if a later [re]alloc of the t_mem buffer fails */
 	if (w.w_tmemneeded) {
-		w.w_tmem = kmem_alloc(w.w_tmemneeded, KM_SLEEP);
+		w.w_tmem = kmem_zalloc(w.w_tmemneeded, KM_SLEEP);
 		w.w_tmemsize = w.w_tmemneeded;
 		w.w_tmemneeded = 0;
 	}

Reply via email to