Module Name:    src
Committed By:   maxv
Date:           Fri Mar 20 20:36:28 UTC 2015

Modified Files:
        src/sys/compat/linux/common: linux_exec_elf32.c
        src/sys/compat/linux32/common: linux32_exec_elf32.c
        src/sys/compat/netbsd32: netbsd32_exec_elf32.c
        src/sys/compat/svr4_32: svr4_32_exec_elf32.c
        src/sys/kern: exec_elf.c

Log Message:
Zero-fill the ELF auxiliary vectors. Otherwise, on 64-bit systems, the
padding between a_v and a_type contains kernel garbage, which is then
exposed to userland.

Original report by uebayasi@


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 src/sys/compat/linux/common/linux_exec_elf32.c
cvs rdiff -u -r1.17 -r1.18 src/sys/compat/linux32/common/linux32_exec_elf32.c
cvs rdiff -u -r1.38 -r1.39 src/sys/compat/netbsd32/netbsd32_exec_elf32.c
cvs rdiff -u -r1.23 -r1.24 src/sys/compat/svr4_32/svr4_32_exec_elf32.c
cvs rdiff -u -r1.70 -r1.71 src/sys/kern/exec_elf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/linux/common/linux_exec_elf32.c
diff -u src/sys/compat/linux/common/linux_exec_elf32.c:1.91 src/sys/compat/linux/common/linux_exec_elf32.c:1.92
--- src/sys/compat/linux/common/linux_exec_elf32.c:1.91	Tue Apr 15 17:29:00 2014
+++ src/sys/compat/linux/common/linux_exec_elf32.c	Fri Mar 20 20:36:27 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: linux_exec_elf32.c,v 1.91 2014/04/15 17:29:00 maxv Exp $	*/
+/*	$NetBSD: linux_exec_elf32.c,v 1.92 2015/03/20 20:36:27 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.91 2014/04/15 17:29:00 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.92 2015/03/20 20:36:27 maxv Exp $");
 
 #ifndef ELFSIZE
 /* XXX should die */
@@ -391,6 +391,8 @@ ELFNAME2(linux,copyargs)(struct lwp *l, 
 
 	a = ai;
 
+	memset(ai, 0, sizeof(ai));
+
 	/*
 	 * Push extra arguments used by glibc on the stack.
 	 */
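Review bot: The added `memset(ai, 0, sizeof(ai));` carries no comment saying why it is there, so a later cleanup could drop it as redundant or swap it for an `= { 0 }` initializer, which is not guaranteed to clear padding bytes. I would put `/* Zero padding too: the vector is copied out to userland. */` above the call here and at the identical calls in linux32_exec_elf32.c, netbsd32_exec_elf32.c, svr4_32_exec_elf32.c (both sites) and exec_elf.c. `sizeof(ai)` covers the whole vector only if ai is declared as an array in each function; the declarations are outside the hunks, so that is worth confirming. The function body starts and ends outside this hunk.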

Index: src/sys/compat/linux32/common/linux32_exec_elf32.c
diff -u src/sys/compat/linux32/common/linux32_exec_elf32.c:1.17 src/sys/compat/linux32/common/linux32_exec_elf32.c:1.18
--- src/sys/compat/linux32/common/linux32_exec_elf32.c:1.17	Sun Feb 23 16:07:40 2014
+++ src/sys/compat/linux32/common/linux32_exec_elf32.c	Fri Mar 20 20:36:27 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: linux32_exec_elf32.c,v 1.17 2014/02/23 16:07:40 njoly Exp $ */
+/*	$NetBSD: linux32_exec_elf32.c,v 1.18 2015/03/20 20:36:27 maxv Exp $ */
 
 /*-                     
  * Copyright (c) 1995, 1998, 2000, 2001,2006 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux32_exec_elf32.c,v 1.17 2014/02/23 16:07:40 njoly Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux32_exec_elf32.c,v 1.18 2015/03/20 20:36:27 maxv Exp $");
 
 #define	ELFSIZE		32
 
@@ -119,6 +119,8 @@ linux32_elf32_copyargs(struct lwp *l, st
 
 	a = ai;
 
+	memset(ai, 0, sizeof(ai));
+
 	/*
 	 * Push extra arguments on the stack needed by dynamically
 	 * linked binaries and static binaries as well.

Index: src/sys/compat/netbsd32/netbsd32_exec_elf32.c
diff -u src/sys/compat/netbsd32/netbsd32_exec_elf32.c:1.38 src/sys/compat/netbsd32/netbsd32_exec_elf32.c:1.39
--- src/sys/compat/netbsd32/netbsd32_exec_elf32.c:1.38	Fri Oct 24 21:08:36 2014
+++ src/sys/compat/netbsd32/netbsd32_exec_elf32.c	Fri Mar 20 20:36:27 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: netbsd32_exec_elf32.c,v 1.38 2014/10/24 21:08:36 christos Exp $	*/
+/*	$NetBSD: netbsd32_exec_elf32.c,v 1.39 2015/03/20 20:36:27 maxv Exp $	*/
 /*	from: NetBSD: exec_aout.c,v 1.15 1996/09/26 23:34:46 cgd Exp */
 
 /*
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_exec_elf32.c,v 1.38 2014/10/24 21:08:36 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_exec_elf32.c,v 1.39 2015/03/20 20:36:27 maxv Exp $");
 
 #define	ELFSIZE		32
 
@@ -141,6 +141,8 @@ netbsd32_elf32_copyargs(struct lwp *l, s
 
 	a = ai;
 
+	memset(ai, 0, sizeof(ai));
+
 	/*
 	 * Push extra arguments on the stack needed by dynamically
 	 * linked binaries

Index: src/sys/compat/svr4_32/svr4_32_exec_elf32.c
diff -u src/sys/compat/svr4_32/svr4_32_exec_elf32.c:1.23 src/sys/compat/svr4_32/svr4_32_exec_elf32.c:1.24
--- src/sys/compat/svr4_32/svr4_32_exec_elf32.c:1.23	Wed Apr  9 11:40:03 2014
+++ src/sys/compat/svr4_32/svr4_32_exec_elf32.c	Fri Mar 20 20:36:27 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: svr4_32_exec_elf32.c,v 1.23 2014/04/09 11:40:03 maxv Exp $	 */
+/*	$NetBSD: svr4_32_exec_elf32.c,v 1.24 2015/03/20 20:36:27 maxv Exp $	 */
 
 /*-
  * Copyright (c) 1994 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: svr4_32_exec_elf32.c,v 1.23 2014/04/09 11:40:03 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: svr4_32_exec_elf32.c,v 1.24 2015/03/20 20:36:27 maxv Exp $");
 
 #define	ELFSIZE		32				/* XXX should die */
 
@@ -81,6 +81,8 @@ svr4_32_copyargs(struct lwp *l, struct e
 
 	a = ai;
 
+	memset(ai, 0, sizeof(ai));
+
 	/*
 	 * Push extra arguments on the stack needed by dynamically
 	 * linked binaries
@@ -200,6 +202,8 @@ svr4_32_copyargs(struct lwp *l, struct e
 
 	a = ai;
 
+	memset(ai, 0, sizeof(ai));
+
 	/*
 	 * Push extra arguments on the stack needed by dynamically
 	 * linked binaries
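Review bot: Both hunks in this file are labelled svr4_32_copyargs and patch an identical `a = ai;` site, which suggests the file holds two hand-copied variants of the routine; the surrounding code is outside the hunks, so this is inferred. With the zero-fill duplicated, a later change to how the vector is initialised can reach one copy and miss the other, reopening the leak on that path. If the two variants are conditionally compiled, a short comment at each site such as `/* keep in sync with the other svr4_32_copyargs variant */` would help, or the shared setup could move into one static helper.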

Index: src/sys/kern/exec_elf.c
diff -u src/sys/kern/exec_elf.c:1.70 src/sys/kern/exec_elf.c:1.71
--- src/sys/kern/exec_elf.c:1.70	Sun Aug 17 23:03:58 2014
+++ src/sys/kern/exec_elf.c	Fri Mar 20 20:36:28 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: exec_elf.c,v 1.70 2014/08/17 23:03:58 chs Exp $	*/
+/*	$NetBSD: exec_elf.c,v 1.71 2015/03/20 20:36:28 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1994, 2000, 2005 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.70 2014/08/17 23:03:58 chs Exp $");
+__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.71 2015/03/20 20:36:28 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_pax.h"
@@ -178,6 +178,8 @@ elf_copyargs(struct lwp *l, struct exec_
 	a = ai;
 	execname = NULL;
 
+	memset(ai, 0, sizeof(ai));
+
 	/*
 	 * Push extra arguments on the stack needed by dynamically
 	 * linked binaries
