Module Name:    src
Committed By:   martin
Date:           Wed Jan  2 15:27:23 UTC 2019

Modified Files:
        src/sys/compat/netbsd32 [netbsd-7-0]: netbsd32_compat_14.c
            netbsd32_conv.h
        src/sys/compat/sys [netbsd-7-0]: msg.h

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1668):

        sys/compat/netbsd32/netbsd32_conv.h: revision 1.37
        sys/compat/netbsd32/netbsd32_compat_14.c: revision 1.27
        sys/compat/sys/msg.h: revision 1.5

Fix kernel info leaks.

        + Possible info leak: [len=80, leaked=10]
        | #0 0xffffffff80bad7a7 in kleak_copyout
        | #1 0xffffffff8048e71b in netbsd32___msgctl50
        | #2 0xffffffff8022fb5b in netbsd32_syscall
        | #3 0xffffffff802096dd in handle_syscall


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.21.78.1 src/sys/compat/netbsd32/netbsd32_compat_14.c
cvs rdiff -u -r1.28 -r1.28.8.1 src/sys/compat/netbsd32/netbsd32_conv.h
cvs rdiff -u -r1.4 -r1.4.44.1 src/sys/compat/sys/msg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/netbsd32/netbsd32_compat_14.c
diff -u src/sys/compat/netbsd32/netbsd32_compat_14.c:1.21 src/sys/compat/netbsd32/netbsd32_compat_14.c:1.21.78.1
--- src/sys/compat/netbsd32/netbsd32_compat_14.c:1.21	Thu Dec 20 23:03:01 2007
+++ src/sys/compat/netbsd32/netbsd32_compat_14.c	Wed Jan  2 15:27:23 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: netbsd32_compat_14.c,v 1.21 2007/12/20 23:03:01 dsl Exp $	*/
+/*	$NetBSD: netbsd32_compat_14.c,v 1.21.78.1 2019/01/02 15:27:23 martin Exp $	*/
 
 /*
  * Copyright (c) 1999 Eduardo E. Horvath
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.21 2007/12/20 23:03:01 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.21.78.1 2019/01/02 15:27:23 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/ipc.h>
@@ -126,6 +126,7 @@ static inline void
 native_to_netbsd32_msqid_ds14(struct msqid_ds *msqbuf, struct netbsd32_msqid_ds14 *omsqbuf)
 {
 
+	memset(omsqbuf, 0, sizeof(*omsqbuf));
 	native_to_netbsd32_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
 
 #define	CVT(x)	omsqbuf->x = msqbuf->x
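Review bot: The added `memset(omsqbuf, 0, sizeof(*omsqbuf));` carries no comment explaining why it is needed, and because the code after it assigns fields one by one, a later cleanup could remove it as redundant. The log message shows the bytes reaching userland through `kleak_copyout`, so the zeroing is what keeps padding and any unconverted members from exposing stale kernel memory. I would put `/* Zero padding and unconverted fields: this struct is copied out to userland. */` above the call. The same applies to the memsets added in `netbsd32_from_msqid_ds50`, `netbsd32_from_msqid_ds`, `__native_to_msqid_ds13` and `__native_to_msqid_ds14`. The function body continues past the end of this hunk.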

Index: src/sys/compat/netbsd32/netbsd32_conv.h
diff -u src/sys/compat/netbsd32/netbsd32_conv.h:1.28 src/sys/compat/netbsd32/netbsd32_conv.h:1.28.8.1
--- src/sys/compat/netbsd32/netbsd32_conv.h:1.28	Tue Mar 18 18:20:41 2014
+++ src/sys/compat/netbsd32/netbsd32_conv.h	Wed Jan  2 15:27:23 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: netbsd32_conv.h,v 1.28 2014/03/18 18:20:41 riastradh Exp $	*/
+/*	$NetBSD: netbsd32_conv.h,v 1.28.8.1 2019/01/02 15:27:23 martin Exp $	*/
 
 /*
  * Copyright (c) 1998, 2001 Matthew R. Green
@@ -543,6 +543,7 @@ netbsd32_from_msqid_ds50(const struct ms
     struct netbsd32_msqid_ds50 *ds32p)
 {
 
+	memset(ds32p, 0, sizeof(*ds32p));
 	netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
 	ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
 	ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
@@ -559,6 +560,7 @@ netbsd32_from_msqid_ds(const struct msqi
     struct netbsd32_msqid_ds *ds32p)
 {
 
+	memset(ds32p, 0, sizeof(*ds32p));
 	netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
 	ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
 	ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;

Index: src/sys/compat/sys/msg.h
diff -u src/sys/compat/sys/msg.h:1.4 src/sys/compat/sys/msg.h:1.4.44.1
--- src/sys/compat/sys/msg.h:1.4	Mon Jan 19 19:39:41 2009
+++ src/sys/compat/sys/msg.h	Wed Jan  2 15:27:23 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: msg.h,v 1.4 2009/01/19 19:39:41 christos Exp $	*/
+/*	$NetBSD: msg.h,v 1.4.44.1 2019/01/02 15:27:23 martin Exp $	*/
 
 /*
  * SVID compatible msg.h file
@@ -108,6 +108,7 @@ static __inline void
 __native_to_msqid_ds13(const struct msqid_ds *msqbuf, struct msqid_ds13 *omsqbuf)
 {
 
+	memset(omsqbuf, 0, sizeof(*omsqbuf));
 	omsqbuf->msg_perm = msqbuf->msg_perm;
 
 #define	CVT(x)	omsqbuf->x = msqbuf->x
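Review bot: The whole-struct copy `omsqbuf->msg_perm = msqbuf->msg_perm;` directly after the new memset can write the source's padding bytes back into the zeroed destination, so the memset alone does not guarantee that the `msg_perm` part of the output is clean. Whether this matters depends on how the kernel-side `struct msqid_ds` was initialised, which is not visible in this hunk. If that cannot be guaranteed, assign the permission members individually, or at least record the assumption with `/* msg_perm copied whole: source padding must already be zero */`. The function body continues past the end of this hunk.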
@@ -149,6 +150,7 @@ static __inline void
 __native_to_msqid_ds14(const struct msqid_ds *msqbuf, struct msqid_ds14 *omsqbuf)
 {
 
+	memset(omsqbuf, 0, sizeof(*omsqbuf));
 	__native_to_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
 
 #define	CVT(x)	omsqbuf->x = msqbuf->x
