> On 22 Oct 2019, at 16:50, Alan Somers <asom...@freebsd.org> wrote:
>
> On Wed, Oct 16, 2019 at 7:21 AM Andrew Turner <and...@freebsd.org> wrote:
> Author: andrew
> Date: Wed Oct 16 13:21:01 2019
> New Revision: 353640
> URL: https://svnweb.freebsd.org/changeset/base/353640
>
> Log:
> Stop leaking information from the kernel through timespec
>
> The timespec struct holds a seconds value in a time_t and a nanoseconds
> value in a long. On most architectures these are the same size, however
> on 32-bit architectures other than i386 time_t is 8 bytes and long is
> 4 bytes.
>
> Most ABIs will then pad a struct holding an 8 byte and 4 byte value to
> 16 bytes with 4 bytes of padding. When copying one of these structs the
> compiler is free to copy the padding if it wishes.
>
> In this case the padding may contain kernel data that is then leaked to
> userspace. Fix this by copying the timespec elements rather than the
> entire struct.
>
> This doesn't affect Tier-1 architectures so no SA is expected.
>
> admbugs: 651
> MFC after: 1 week
> Sponsored by: DARPA, AFRL
>
> Good catch. Might I ask how you found it, or who reported it?
I found it via one of the tests. It uses memcmp to check the struct returned
was identical to what it expected. On closer inspection I found the difference
was in the padding.
Andrew
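An added illustration of the padding leak and of the element-wise copy the commit message describes (my own constructed example, not FreeBSD code): struct ts32 is an assumed stand-in that reproduces the 8-byte time_t / 4-byte long layout on a 64-bit host, and the 0xA5 marker stands in for stale kernel data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for struct timespec on a 32-bit ABI with an 8-byte time_t and a
 * 4-byte long: 12 bytes of fields, padded to 16 wherever int64_t is 8-aligned. */
struct ts32 {
    int64_t tv_sec;
    int32_t tv_nsec;
};

#define PAD_OFFSET (offsetof(struct ts32, tv_nsec) + sizeof(int32_t))
#define STALE_BYTE 0xA5 /* constructed marker standing in for leftover kernel data */
size_t padding_bytes(void) { return sizeof(struct ts32) - PAD_OFFSET; }

/* Number of padding bytes in the user copy that still carry the kernel marker. */
static size_t leaked(const unsigned char *user)
{
    size_t n = 0;
    for (size_t i = PAD_OFFSET; i < sizeof(struct ts32); i++)
        n += (user[i] == STALE_BYTE);
    return n;
}

/* The kernel fills in a struct that already holds stale data (memset stands in
 * for a reused stack slot); assigning the two members leaves the padding alone. */
static void build_reply(struct ts32 *ts)
{
    memset(ts, STALE_BYTE, sizeof *ts);
    ts->tv_sec = 1571232061;
    ts->tv_nsec = 123456789;
}

/* Before the fix: a whole-struct copy to userspace also copies the padding. */
size_t leaky_copy(void)
{
    unsigned char user[sizeof(struct ts32)] = {0};
    struct ts32 ts;
    build_reply(&ts);
    memcpy(user, &ts, sizeof ts);
    return leaked(user);
}

/* After the fix: copy each element on its own, so the padding is never written. */
size_t safe_copy(void)
{
    unsigned char user[sizeof(struct ts32)] = {0};
    struct ts32 ts;
    build_reply(&ts);
    memcpy(user + offsetof(struct ts32, tv_sec), &ts.tv_sec, sizeof ts.tv_sec);
    memcpy(user + offsetof(struct ts32, tv_nsec), &ts.tv_nsec, sizeof ts.tv_nsec);
    return leaked(user);
}
```

A memcmp-based test like the one Andrew mentions catches the first variant because the padding bytes differ from a freshly zeroed expected struct.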