svn commit: r332064 - stable/10/sys/compat/linux
Ed Maste
emaste at FreeBSD.org
Thu Apr 5 12:54:11 UTC 2018
Author: emaste
Date: Thu Apr 5 12:54:10 2018
New Revision: 332064
URL: https://svnweb.freebsd.org/changeset/base/332064
Log:
MFC r332042: Fix kernel memory disclosure in linux_ioctl_socket
strlcpy is used to copy a string into a buffer to be copied to userland,
previously leaving uninitialized data after the terminating NUL. Zero
the buffer first to avoid a kernel memory disclosure.
admbugs: 765, 811
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reported by: Vlad Tsyrklevich
Sponsored by: The FreeBSD Foundation
Modified:
stable/10/sys/compat/linux/linux_ioctl.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/compat/linux/linux_ioctl.c
==============================================================================
--- stable/10/sys/compat/linux/linux_ioctl.c Thu Apr 5 12:50:47 2018 (r332063)
+++ stable/10/sys/compat/linux/linux_ioctl.c Thu Apr 5 12:54:10 2018 (r332064)
@@ -2427,6 +2427,7 @@ linux_ioctl_socket(struct thread *td, struct linux_ioc
printf("%s(): ioctl %d on %.*s\n", __func__,
args->cmd & 0xffff, LINUX_IFNAMSIZ, lifname);
#endif
+ memset(ifname, 0, sizeof(ifname));
ifp = ifname_linux_to_bsd(td, lifname, ifname);
if (ifp == NULL)
return (EINVAL);
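Review bot: the added memset(ifname, 0, sizeof(ifname)) in linux_ioctl_socket carries no comment saying why the buffer must be cleared, so a later cleanup could drop it as redundant with the strlcpy performed on the ifname_linux_to_bsd() path. A one-line comment noting that the buffer is later copied to userland in full would protect it. The zeroing also sits in this caller rather than in ifname_linux_to_bsd() itself, so any other caller that hands that helper a buffer bound for userland needs the same line; consider clearing the destination inside the helper instead. Finally, sizeof(ifname) is only correct if ifname is an array declared in this function; the declaration is outside the hunk and is worth confirming.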
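The failure mode described in the log message, as an added userland example that is not code from the FreeBSD tree: a strlcpy-style copy writes the string and its NUL but leaves the rest of the buffer untouched, so sending the whole buffer out exposes whatever was there before. DEMO_IFNAMSIZ, STALE, demo_strlcpy and stale_bytes_exposed are hypothetical names, and the stale stack contents are simulated with a marker byte.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_IFNAMSIZ 16   /* assumed buffer size for this demo */
#define STALE 0xAA         /* constructed stand-in for leftover stack data */

/* Minimal strlcpy equivalent: copies at most n-1 bytes and NUL-terminates,
 * but never touches the bytes after the terminator. */
static size_t demo_strlcpy(char *dst, const char *src, size_t n)
{
    size_t len = strlen(src);
    if (n != 0) {
        size_t c = len < n - 1 ? len : n - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return len;
}

/* Fill a name buffer with or without zeroing it first, then count the stale
 * bytes a copy of the full buffer (not just the string) would expose. */
size_t stale_bytes_exposed(const char *name, int zero_first)
{
    char ifname[DEMO_IFNAMSIZ];
    size_t i, stale = 0;

    memset(ifname, STALE, sizeof(ifname));   /* simulate prior stack contents */
    if (zero_first)
        memset(ifname, 0, sizeof(ifname));   /* the fix: clear before use */
    demo_strlcpy(ifname, name, sizeof(ifname));

    for (i = 0; i < sizeof(ifname); i++)     /* every byte would be sent */
        if ((unsigned char)ifname[i] == STALE)
            stale++;
    return stale;
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", stale_bytes_exposed("em0", 0));
    printf("with memset:    %zu stale bytes\n", stale_bytes_exposed("em0", 1));
    return 0;
}
```

The shorter the copied name, the more stale bytes follow the terminator; a name that fills the buffer exposes none.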