svn commit: r316497 - head/sys/kern
Brooks Davis
brooks at FreeBSD.org
Tue Apr 4 17:32:10 UTC 2017
Author: brooks
Date: Tue Apr 4 17:32:08 2017
New Revision: 316497
URL: https://svnweb.freebsd.org/changeset/base/316497
Log:
Correct a kernel stack leak in 32-bit compat when vfc_name is short.
Don't zero unused pointer members again.
Per discussion with secteam we are not issuing an advisory for this
issue as we have no current evidence it leaks exploitable information.
Reviewed by: rwatson, glebius, delphij
MFC after: 1 day
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10227
Modified:
head/sys/kern/vfs_subr.c
Modified: head/sys/kern/vfs_subr.c
==============================================================================
--- head/sys/kern/vfs_subr.c Tue Apr 4 17:18:45 2017 (r316496)
+++ head/sys/kern/vfs_subr.c Tue Apr 4 17:32:08 2017 (r316497)
@@ -3781,12 +3781,11 @@ vfsconf2x32(struct sysctl_req *req, stru
{
struct xvfsconf32 xvfsp;
+ bzero(&xvfsp, sizeof(xvfsp));
strcpy(xvfsp.vfc_name, vfsp->vfc_name);
xvfsp.vfc_typenum = vfsp->vfc_typenum;
xvfsp.vfc_refcount = vfsp->vfc_refcount;
xvfsp.vfc_flags = vfsp->vfc_flags;
- xvfsp.vfc_vfsops = 0;
- xvfsp.vfc_next = 0;
return (SYSCTL_OUT(req, &xvfsp, sizeof(xvfsp)));
}
#endif
More information about the svn-src-all
mailing list