Author: emaste
Date: Wed Apr 4 19:58:25 2018
New Revision: 332042
URL: https://svnweb.freebsd.org/changeset/base/332042
Log:
Fix kernel memory disclosure in linux_ioctl_socket
strlcpy is used to copy a string into a buffer to be copied to userland,
previously leaving uninitialized data after the terminating NUL. Zero
the buffer first to avoid a kernel memory disclosure.
admbugs: 765, 811
MFC after: 1 day
Reported by: Ilja Van Sprundel <ivansprun...@ioactive.com>
Reported by: Vlad Tsyrklevich
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/compat/linux/linux_ioctl.c
Modified: head/sys/compat/linux/linux_ioctl.c
==============================================================================
--- head/sys/compat/linux/linux_ioctl.c Wed Apr 4 18:27:18 2018
(r332041)
+++ head/sys/compat/linux/linux_ioctl.c Wed Apr 4 19:58:25 2018
(r332042)
@@ -2478,6 +2478,7 @@ linux_ioctl_socket(struct thread *td, struct linux_ioc
printf("%s(): ioctl %d on %.*s\n", __func__,
args->cmd & 0xffff, LINUX_IFNAMSIZ, lifname);
#endif
+ memset(ifname, 0, sizeof(ifname));
ifp = ifname_linux_to_bsd(td, lifname, ifname);
if (ifp == NULL)
return (EINVAL);
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
