Author: emaste Date: Wed Apr 4 19:58:25 2018 New Revision: 332042 URL: https://svnweb.freebsd.org/changeset/base/332042
Log: Fix kernel memory disclosure in linux_ioctl_socket strlcpy is used to copy a string into a buffer to be copied to userland, previously leaving uninitialized data after the terminating NUL. Zero the buffer first to avoid a kernel memory disclosure. admbugs: 765, 811 MFC after: 1 day Reported by: Ilja Van Sprundel <ivansprun...@ioactive.com> Reported by: Vlad Tsyrklevich Sponsored by: The FreeBSD Foundation Modified: head/sys/compat/linux/linux_ioctl.c Modified: head/sys/compat/linux/linux_ioctl.c ============================================================================== --- head/sys/compat/linux/linux_ioctl.c Wed Apr 4 18:27:18 2018 (r332041) +++ head/sys/compat/linux/linux_ioctl.c Wed Apr 4 19:58:25 2018 (r332042) @@ -2478,6 +2478,7 @@ linux_ioctl_socket(struct thread *td, struct linux_ioc printf("%s(): ioctl %d on %.*s\n", __func__, args->cmd & 0xffff, LINUX_IFNAMSIZ, lifname); #endif + memset(ifname, 0, sizeof(ifname)); ifp = ifname_linux_to_bsd(td, lifname, ifname); if (ifp == NULL) return (EINVAL); _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"