Date:      Wed, 23 Jan 2019 14:22:21 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r343345 - in stable/11/sys: amd64/linux compat/linux
Message-ID:  <201901231422.x0NEMLZC003172@repo.freebsd.org>

Author: emaste
Date: Wed Jan 23 14:22:21 2019
New Revision: 343345
URL: https://svnweb.freebsd.org/changeset/base/343345

Log:
  MFC linuxulator stack memory disclosure fixes
  
  r343260 linuxulator: fix stack memory disclosure in linux_ioctl_v4l
  r343261 linuxulator: fix stack memory disclosure in linux_ioctl_termio
  r343262 linuxulator: fix stack memory disclosure in linux_sigaltstack
  r343263 linuxulator: fix stack memory disclosure in linux_sigaltstack
  
  admbugs:	765
  Reported by:	Vlad Tsyrklevich <vlad@tsyrklevich.net>
  Security:	Kernel stack memory disclosure
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/11/sys/amd64/linux/linux_machdep.c
  stable/11/sys/compat/linux/linux_ioctl.c
  stable/11/sys/compat/linux/linux_misc.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/amd64/linux/linux_machdep.c
==============================================================================
--- stable/11/sys/amd64/linux/linux_machdep.c	Wed Jan 23 14:21:23 2019	(r343344)
+++ stable/11/sys/amd64/linux/linux_machdep.c	Wed Jan 23 14:22:21 2019	(r343345)
@@ -200,6 +200,7 @@ linux_sigaltstack(struct thread *td, struct linux_siga
 	l_stack_t lss;
 	int error;
 
+	memset(&lss, 0, sizeof(lss));
 	LINUX_CTR2(sigaltstack, "%p, %p", uap->uss, uap->uoss);
 
 	if (uap->uss != NULL) {
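Review bot: The added `memset(&lss, 0, sizeof(lss));` has no comment explaining why a struct that is about to be filled needs clearing first, so a later cleanup could drop it as redundant. The same applies to the `memset` calls added to bsd_to_linux_termio and bsd_to_linux_v4l_window in linux_ioctl.c. I would put a line above each, such as `/* Clear padding and unset fields; this struct is copied out to userland. */`. The copyout and the rest of linux_sigaltstack are outside this hunk, so check the wording against the full function.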

Modified: stable/11/sys/compat/linux/linux_ioctl.c
==============================================================================
--- stable/11/sys/compat/linux/linux_ioctl.c	Wed Jan 23 14:21:23 2019	(r343344)
+++ stable/11/sys/compat/linux/linux_ioctl.c	Wed Jan 23 14:22:21 2019	(r343345)
@@ -688,6 +688,7 @@ bsd_to_linux_termio(struct termios *bios, struct linux
 {
 	struct linux_termios lios;
 
+	memset(lio, 0, sizeof(*lio));
 	bsd_to_linux_termios(bios, &lios);
 	lio->c_iflag = lios.c_iflag;
 	lio->c_oflag = lios.c_oflag;
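Review bot: The local `lios` declared just above the new `memset` is still uninitialized until bsd_to_linux_termios() fills it, because only the caller's `lio` is cleared. The field-by-field assignments visible here keep any padding in `lios` out of `lio`. The rest of the function is outside the hunk, though, so any bulk copy out of `lios` (for instance of an array member) would depend on the converter having written every byte that is copied. Adding `memset(&lios, 0, sizeof(lios));` before the call would remove that dependency on the converter's internals.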
@@ -2851,6 +2852,8 @@ linux_to_bsd_v4l_window(struct l_video_window *lvw, st
 static int
 bsd_to_linux_v4l_window(struct video_window *vw, struct l_video_window *lvw)
 {
+	memset(lvw, 0, sizeof(*lvw));
+
 	lvw->x = vw->x;
 	lvw->y = vw->y;
 	lvw->width = vw->width;

Modified: stable/11/sys/compat/linux/linux_misc.c
==============================================================================
--- stable/11/sys/compat/linux/linux_misc.c	Wed Jan 23 14:21:23 2019	(r343344)
+++ stable/11/sys/compat/linux/linux_misc.c	Wed Jan 23 14:22:21 2019	(r343345)
@@ -1079,9 +1079,8 @@ linux_waitid(struct thread *td, struct linux_waitid_ar
 	}
 	if (args->info != NULL) {
 		p = td->td_proc;
-		if (td->td_retval[0] == 0)
-			bzero(&lsi, sizeof(lsi));
-		else {
+		bzero(&lsi, sizeof(lsi));
+		if (td->td_retval[0] != 0) {
 			sig = bsd_to_linux_signal(siginfo.si_signo);
 			siginfo_to_lsiginfo(&siginfo, &lsi, sig);
 		}
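Review bot: `lsi` is cleared here at the call site, before `siginfo_to_lsiginfo(&siginfo, &lsi, sig)`, whereas the linux_ioctl.c changes in this commit clear the output struct inside the converter. The converter's body is not shown; if it does not write every byte of its output, any other caller that copies the result to userland needs its own `bzero`, which is easy to miss. Consider moving the clearing into the converter, e.g. `bzero(lsi, sizeof(*lsi));` as its first statement, so that every caller is covered. linux_waitid continues outside the hunk.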


