Date: Tue, 29 Mar 2022 20:18:36 GMT
Message-Id: <202203292018.22TKIa4G024625@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: d3aef2d8fc89 - stable/11 - Avoid kernel stack disclosure in compat32 stat
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/11
X-Git-Reftype: branch
X-Git-Commit: d3aef2d8fc89def105f84dca7f35a901d861539c

The branch stable/11 has been updated by emaste:

URL:
https://cgit.FreeBSD.org/src/commit/?id=d3aef2d8fc89def105f84dca7f35a901d861539c commit d3aef2d8fc89def105f84dca7f35a901d861539c Author: Ed Maste AuthorDate: 2022-03-29 14:48:00 +0000 Commit: Ed Maste CommitDate: 2022-03-29 20:18:07 +0000 Avoid kernel stack disclosure in compat32 stat copy_stat and copy_ostat used by 32-bit compat *stat calls left spare and padding bytes uninitialized. This issue does not exist in stable/12 and later as it was incidentally addressed as part of the 64-bit inode project. Reported by: Reno Robert of Trend Micro Zero Day Initiative Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34706 --- sys/compat/freebsd32/freebsd32_misc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c index d19050944aae..81fed2a8fc4e 100644 --- a/sys/compat/freebsd32/freebsd32_misc.c +++ b/sys/compat/freebsd32/freebsd32_misc.c @@ -1780,6 +1780,7 @@ static void copy_stat(struct stat *in, struct stat32 *out) { + bzero(out, sizeof(*out)); CP(*in, *out, st_dev); CP(*in, *out, st_ino); CP(*in, *out, st_mode); @@ -1803,6 +1804,7 @@ static void copy_ostat(struct stat *in, struct ostat32 *out) { + bzero(out, sizeof(*out)); CP(*in, *out, st_dev); CP(*in, *out, st_ino); CP(*in, *out, st_mode);
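Review bot: In the copy_stat hunk, the added bzero(out, sizeof(*out)) has no comment explaining why it is needed, and because it is immediately followed by a run of CP() field assignments it can look redundant to someone tidying the function later. The commit message gives the reason (spare and padding bytes were left uninitialized, disclosing kernel stack contents through the 32-bit compat *stat calls); a short comment above the call, for example /* Clear spare fields and padding; this struct is returned to a 32-bit process. */, would record that in the code itself.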
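Review bot: In the copy_ostat hunk, the fix is the same line repeated from copy_stat, so the guarantee still depends on each converter remembering to clear its output before the CP() calls. It would be worth checking whether other CP()-based struct converters in freebsd32_misc.c have spare or padding bytes and need the same bzero, and adding a regression test that makes the 32-bit stat calls and checks that the spare and padding bytes of the returned structure are zero.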