Module Name: src
Committed By: christos
Date: Thu Apr 18 17:45:12 UTC 2019
Modified Files:
src/sys/compat/common: uipc_syscalls_40.c
src/sys/compat/linux/common: linux_socket.c
src/sys/compat/linux32/common: linux32_socket.c
Log Message:
Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes of stack
disclosure. From Andy Nguyen, many thanks! This is the compat code part
pointed out by ozaki-r@
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/sys/compat/common/uipc_syscalls_40.c
cvs rdiff -u -r1.144 -r1.145 src/sys/compat/linux/common/linux_socket.c
cvs rdiff -u -r1.29 -r1.30 src/sys/compat/linux32/common/linux32_socket.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/common/uipc_syscalls_40.c
diff -u src/sys/compat/common/uipc_syscalls_40.c:1.18 src/sys/compat/common/uipc_syscalls_40.c:1.19
--- src/sys/compat/common/uipc_syscalls_40.c:1.18 Fri Mar 1 06:06:56 2019
+++ src/sys/compat/common/uipc_syscalls_40.c Thu Apr 18 13:45:12 2019
@@ -1,9 +1,9 @@
-/* $NetBSD: uipc_syscalls_40.c,v 1.18 2019/03/01 11:06:56 pgoyette Exp $ */
+/* $NetBSD: uipc_syscalls_40.c,v 1.19 2019/04/18 17:45:12 christos Exp $ */
/* written by Pavel Cahyna, 2006. Public domain. */
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.18 2019/03/01 11:06:56 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.19 2019/04/18 17:45:12 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -56,6 +56,7 @@ compat_ifconf(u_long cmd, void *data)
return ENOSYS;
}
+ memset(&ifr, 0, sizeof(ifr));
if (docopy) {
space = ifc->ifc_len;
ifrp = ifc->ifc_req;
Index: src/sys/compat/linux/common/linux_socket.c
diff -u src/sys/compat/linux/common/linux_socket.c:1.144 src/sys/compat/linux/common/linux_socket.c:1.145
--- src/sys/compat/linux/common/linux_socket.c:1.144 Sun Feb 3 23:37:50 2019
+++ src/sys/compat/linux/common/linux_socket.c Thu Apr 18 13:45:12 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: linux_socket.c,v 1.144 2019/02/04 04:37:50 mrg Exp $ */
+/* $NetBSD: linux_socket.c,v 1.145 2019/04/18 17:45:12 christos Exp $ */
/*-
* Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.144 2019/02/04 04:37:50 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.145 2019/04/18 17:45:12 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -1136,6 +1136,7 @@ linux_getifconf(struct lwp *l, register_
if (error)
return error;
+ memset(&ifr, 0, sizeof(ifr));
docopy = ifc.ifc_req != NULL;
if (docopy) {
space = ifc.ifc_len;
Index: src/sys/compat/linux32/common/linux32_socket.c
diff -u src/sys/compat/linux32/common/linux32_socket.c:1.29 src/sys/compat/linux32/common/linux32_socket.c:1.30
--- src/sys/compat/linux32/common/linux32_socket.c:1.29 Wed May 9 21:32:24 2018
+++ src/sys/compat/linux32/common/linux32_socket.c Thu Apr 18 13:45:12 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: linux32_socket.c,v 1.29 2018/05/10 01:32:24 ozaki-r Exp $ */
+/* $NetBSD: linux32_socket.c,v 1.30 2019/04/18 17:45:12 christos Exp $ */
/*-
* Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved.
@@ -33,7 +33,7 @@
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.29 2018/05/10 01:32:24 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.30 2019/04/18 17:45:12 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -431,6 +431,7 @@ linux32_getifconf(struct lwp *l, registe
if (error)
return error;
+ memset(&ifr, 0, sizeof(ifr));
docopy = NETBSD32PTR64(ifc.ifc_req) != NULL;
if (docopy) {
space = ifc.ifc_len;
