Module Name: src
Committed By: christos
Date: Sun Aug 15 07:57:46 UTC 2021
Modified Files:
src/sys/compat/common: vfs_syscalls_30.c vfs_syscalls_43.c
vfs_syscalls_50.c
Log Message:
- memset struct stat to avoid kernel memory disclosure of padded fields
(thanks Trend Micro for the report)
- use do_fhstat
- consistency in argument order of compat functions
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/sys/compat/common/vfs_syscalls_30.c
cvs rdiff -u -r1.66 -r1.67 src/sys/compat/common/vfs_syscalls_43.c
cvs rdiff -u -r1.25 -r1.26 src/sys/compat/common/vfs_syscalls_50.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/common/vfs_syscalls_30.c
diff -u src/sys/compat/common/vfs_syscalls_30.c:1.41 src/sys/compat/common/vfs_syscalls_30.c:1.42
--- src/sys/compat/common/vfs_syscalls_30.c:1.41 Fri Jan 31 04:01:23 2020
+++ src/sys/compat/common/vfs_syscalls_30.c Sun Aug 15 03:57:46 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_syscalls_30.c,v 1.41 2020/01/31 09:01:23 maxv Exp $ */
+/* $NetBSD: vfs_syscalls_30.c,v 1.42 2021/08/15 07:57:46 christos Exp $ */
/*-
* Copyright (c) 2005, 2008 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_30.c,v 1.41 2020/01/31 09:01:23 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_30.c,v 1.42 2021/08/15 07:57:46 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -63,8 +63,6 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_syscalls
#include <compat/sys/mount.h>
#include <compat/sys/statvfs.h>
-static void cvtstat(struct stat13 *, const struct stat *);
-
static const struct syscall_package vfs_syscalls_30_syscalls[] = {
{ SYS_compat_30___fhstat30, 0, (sy_call_t *)compat_30_sys___fhstat30 },
{ SYS_compat_30___fstat13, 0, (sy_call_t *)compat_30_sys___fstat13 },
@@ -85,6 +83,8 @@ static void
cvtstat(struct stat13 *ost, const struct stat *st)
{
+ /* Handle any padding. */
+ memset(ost, 0, sizeof(*ost));
ost->st_dev = st->st_dev;
ost->st_ino = (uint32_t)st->st_ino;
ost->st_mode = st->st_mode;
@@ -123,8 +123,7 @@ compat_30_sys___stat13(struct lwp *l,
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, ub), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap, ub), sizeof(osb));
}
@@ -148,8 +147,7 @@ compat_30_sys___lstat13(struct lwp *l,
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, ub), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap, ub), sizeof(osb));
}
/* ARGSUSED */
@@ -164,34 +162,12 @@ compat_30_sys_fhstat(struct lwp *l,
struct stat sb;
struct stat13 osb;
int error;
- struct compat_30_fhandle fh;
- struct mount *mp;
- struct vnode *vp;
-
- /*
- * Must be super user
- */
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
- 0, NULL, NULL, NULL)))
- return (error);
- if ((error = copyin(SCARG(uap, fhp), &fh, sizeof(fh))) != 0)
- return (error);
-
- if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
- return (ESTALE);
- if (mp->mnt_op->vfs_fhtovp == NULL)
- return EOPNOTSUPP;
- error = VFS_FHTOVP(mp, (struct fid*)&fh.fh_fid, LK_EXCLUSIVE, &vp);
- if (error != 0)
- return (error);
- error = vn_stat(vp, &sb);
- vput(vp);
+ error = do_fhstat(l, SCARG(uap, fhp), sizeof(*SCARG(uap, fhp)), &sb);
if (error)
- return (error);
+ return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, sb), sizeof(osb));
- return (error);
+ return copyout(&osb, SCARG(uap, sb), sizeof(osb));
}
/*
@@ -214,8 +190,7 @@ compat_30_sys___fstat13(struct lwp *l,
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, sb), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap, sb), sizeof(osb));
}
/*
@@ -292,7 +267,7 @@ again:
bdp = (struct dirent *)inp;
reclen = bdp->d_reclen;
if (reclen & _DIRENT_ALIGN(bdp))
- panic("netbsd30_getdents: bad reclen %d", reclen);
+ panic("%s: bad reclen %d", __func__, reclen);
if (cookie)
off = *cookie++; /* each entry points to the next */
else
@@ -396,9 +371,8 @@ compat_30_sys_getfh(struct lwp *l, const
error = EINVAL;
}
if (error)
- return (error);
- error = copyout(&fh, SCARG(uap, fhp), sizeof(struct compat_30_fhandle));
- return (error);
+ return error;
+ return copyout(&fh, SCARG(uap, fhp), sizeof(fh));
}
/*
@@ -437,8 +411,7 @@ compat_30_sys___fhstat30(struct lwp *l,
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap_30, sb), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap_30, sb), sizeof(osb));
}
/* ARGSUSED */
Index: src/sys/compat/common/vfs_syscalls_43.c
diff -u src/sys/compat/common/vfs_syscalls_43.c:1.66 src/sys/compat/common/vfs_syscalls_43.c:1.67
--- src/sys/compat/common/vfs_syscalls_43.c:1.66 Wed Jun 24 06:28:16 2020
+++ src/sys/compat/common/vfs_syscalls_43.c Sun Aug 15 03:57:46 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_syscalls_43.c,v 1.66 2020/06/24 10:28:16 jdolecek Exp $ */
+/* $NetBSD: vfs_syscalls_43.c,v 1.67 2021/08/15 07:57:46 christos Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.66 2020/06/24 10:28:16 jdolecek Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.67 2021/08/15 07:57:46 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -75,9 +75,6 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_syscalls
#include <compat/common/compat_util.h>
#include <compat/common/compat_mod.h>
-static void cvttimespec(struct timespec *, struct timespec50 *);
-static void cvtstat(struct stat *, struct stat43 *);
-
static struct syscall_package vfs_syscalls_43_syscalls[] = {
{ SYS_compat_43_oquota, 0, (sy_call_t *)compat_43_sys_quota },
{ SYS_compat_43_stat43, 0, (sy_call_t *)compat_43_sys_stat },
@@ -96,7 +93,7 @@ static struct syscall_package vfs_syscal
* Convert from an old to a new timespec structure.
*/
static void
-cvttimespec(struct timespec *ts, struct timespec50 *ots)
+cvttimespec(struct timespec50 *ots, const struct timespec *ts)
{
if (ts->tv_sec > INT_MAX) {
@@ -120,11 +117,11 @@ cvttimespec(struct timespec *ts, struct
* Convert from an old to a new stat structure.
*/
static void
-cvtstat(struct stat *st, struct stat43 *ost)
+cvtstat(struct stat43 *ost, const struct stat *st)
{
/* Handle any padding. */
- memset(ost, 0, sizeof *ost);
+ memset(ost, 0, sizeof(*ost));
ost->st_dev = st->st_dev;
ost->st_ino = st->st_ino;
ost->st_mode = st->st_mode & 0xffff;
@@ -136,9 +133,9 @@ cvtstat(struct stat *st, struct stat43 *
ost->st_size = st->st_size;
else
ost->st_size = -2;
- cvttimespec(&st->st_atimespec, &ost->st_atimespec);
- cvttimespec(&st->st_mtimespec, &ost->st_mtimespec);
- cvttimespec(&st->st_ctimespec, &ost->st_ctimespec);
+ cvttimespec(&ost->st_atimespec, &st->st_atimespec);
+ cvttimespec(&ost->st_mtimespec, &st->st_mtimespec);
+ cvttimespec(&ost->st_ctimespec, &st->st_ctimespec);
ost->st_blksize = st->st_blksize;
ost->st_blocks = st->st_blocks;
ost->st_flags = st->st_flags;
@@ -162,10 +159,9 @@ compat_43_sys_stat(struct lwp *l, const
error = do_sys_stat(SCARG(uap, path), FOLLOW, &sb);
if (error)
- return (error);
- cvtstat(&sb, &osb);
- error = copyout((void *)&osb, (void *)SCARG(uap, ub), sizeof (osb));
- return (error);
+ return error;
+ cvtstat(&osb, &sb);
+ return copyout(&osb, SCARG(uap, ub), sizeof(osb));
}
/*
@@ -177,7 +173,7 @@ compat_43_sys_lstat(struct lwp *l, const
{
/* {
syscallarg(char *) path;
- syscallarg(struct ostat *) ub;
+ syscallarg(struct stat43 *) ub;
} */
struct stat sb;
struct stat43 osb;
@@ -192,9 +188,8 @@ compat_43_sys_lstat(struct lwp *l, const
* containing directory, except for mode, size, and links.
* This is no longer emulated, the parent directory is not consulted.
*/
- cvtstat(&sb, &osb);
- error = copyout((void *)&osb, (void *)SCARG(uap, ub), sizeof (osb));
- return (error);
+ cvtstat(&osb, &sb);
+ return copyout(&osb, SCARG(uap, ub), sizeof(osb));
}
/*
@@ -208,18 +203,16 @@ compat_43_sys_fstat(struct lwp *l, const
syscallarg(int) fd;
syscallarg(struct stat43 *) sb;
} */
- struct stat ub;
- struct stat43 oub;
+ struct stat sb;
+ struct stat43 osb;
int error;
- error = do_sys_fstat(SCARG(uap, fd), &ub);
- if (error == 0) {
- cvtstat(&ub, &oub);
- error = copyout((void *)&oub, (void *)SCARG(uap, sb),
- sizeof (oub));
- }
+ error = do_sys_fstat(SCARG(uap, fd), &sb);
+ if (error)
+ return error;
- return (error);
+ cvtstat(&osb, &sb);
+ return copyout(&osb, SCARG(uap, sb), sizeof(osb));
}
@@ -242,7 +235,7 @@ compat_43_sys_ftruncate(struct lwp *l, c
SCARG(&nuap, fd) = SCARG(uap, fd);
SCARG(&nuap, length) = SCARG(uap, length);
- return (sys_ftruncate(l, &nuap, retval));
+ return sys_ftruncate(l, &nuap, retval);
}
/*
@@ -481,7 +474,7 @@ out1:
fd_putfile(SCARG(uap, fd));
if (error)
return error;
- return copyout(&loff, SCARG(uap, basep), sizeof(long));
+ return copyout(&loff, SCARG(uap, basep), sizeof(loff));
}
int
Index: src/sys/compat/common/vfs_syscalls_50.c
diff -u src/sys/compat/common/vfs_syscalls_50.c:1.25 src/sys/compat/common/vfs_syscalls_50.c:1.26
--- src/sys/compat/common/vfs_syscalls_50.c:1.25 Mon Jan 20 21:37:16 2020
+++ src/sys/compat/common/vfs_syscalls_50.c Sun Aug 15 03:57:46 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_syscalls_50.c,v 1.25 2020/01/21 02:37:16 pgoyette Exp $ */
+/* $NetBSD: vfs_syscalls_50.c,v 1.26 2021/08/15 07:57:46 christos Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_50.c,v 1.25 2020/01/21 02:37:16 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_50.c,v 1.26 2021/08/15 07:57:46 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -69,8 +69,6 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_syscalls
#include <compat/sys/dirent.h>
#include <compat/sys/mount.h>
-static void cvtstat(struct stat30 *, const struct stat *);
-
static const struct syscall_package vfs_syscalls_50_syscalls[] = {
{ SYS_compat_50___stat30, 0, (sy_call_t *)compat_50_sys___stat30 },
{ SYS_compat_50___fstat30, 0, (sy_call_t *)compat_50_sys___fstat30 },
@@ -92,6 +90,8 @@ static void
cvtstat(struct stat30 *ost, const struct stat *st)
{
+ /* Handle any padding. */
+ memset(ost, 0, sizeof(*ost));
ost->st_dev = st->st_dev;
ost->st_ino = st->st_ino;
ost->st_mode = st->st_mode;
@@ -130,8 +130,7 @@ compat_50_sys___stat30(struct lwp *l, co
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, ub), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap, ub), sizeof(osb));
}
@@ -154,8 +153,7 @@ compat_50_sys___lstat30(struct lwp *l, c
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, ub), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap, ub), sizeof(osb));
}
/*
@@ -177,8 +175,7 @@ compat_50_sys___fstat30(struct lwp *l, c
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, sb), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap, sb), sizeof(osb));
}
/* ARGSUSED */
@@ -198,8 +195,7 @@ compat_50_sys___fhstat40(struct lwp *l,
if (error)
return error;
cvtstat(&osb, &sb);
- error = copyout(&osb, SCARG(uap, sb), sizeof (osb));
- return error;
+ return copyout(&osb, SCARG(uap, sb), sizeof(osb));
}
static int
