Date: Tue, 4 Apr 2017 17:32:09 +0000 (UTC) From: Brooks Davis <brooks@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r316497 - head/sys/kern Message-ID: <201704041732.v34HW9pD091344@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brooks Date: Tue Apr 4 17:32:08 2017 New Revision: 316497 URL: https://svnweb.freebsd.org/changeset/base/316497 Log: Correct a kernel stack leak in 32-bit compat when vfc_name is short. Don't zero unused pointer members again. Per discussion with secteam we are not issuing an advisory for this issue as we have no current evidence it leaks exploitable information. Reviewed by: rwatson, glebius, delphij MFC after: 1 day Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D10227 Modified: head/sys/kern/vfs_subr.c Modified: head/sys/kern/vfs_subr.c ============================================================================== --- head/sys/kern/vfs_subr.c Tue Apr 4 17:18:45 2017 (r316496) +++ head/sys/kern/vfs_subr.c Tue Apr 4 17:32:08 2017 (r316497) @@ -3781,12 +3781,11 @@ vfsconf2x32(struct sysctl_req *req, stru { struct xvfsconf32 xvfsp; + bzero(&xvfsp, sizeof(xvfsp)); strcpy(xvfsp.vfc_name, vfsp->vfc_name); xvfsp.vfc_typenum = vfsp->vfc_typenum; xvfsp.vfc_refcount = vfsp->vfc_refcount; xvfsp.vfc_flags = vfsp->vfc_flags; - xvfsp.vfc_vfsops = 0; - xvfsp.vfc_next = 0; return (SYSCTL_OUT(req, &xvfsp, sizeof(xvfsp))); } #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704041732.v34HW9pD091344>