Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-8]: src/sys Pull up following revision(s) (requested by christos ...



details:   https://anonhg.NetBSD.org/src/rev/b8175b7dccb7
branches:  netbsd-8
changeset: 450587:b8175b7dccb7
user:      martin <martin%NetBSD.org@localhost>
date:      Fri Apr 19 09:12:58 2019 +0000

description:
Pull up following revision(s) (requested by christos in ticket #1233):

        sys/compat/linux/common/linux_socket.c: revision 1.145
        sys/net/if.c: revision 1.449
        sys/compat/linux32/common/linux32_socket.c: revision 1.30
        sys/compat/common/uipc_syscalls_40.c: revision 1.19

Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes of stack
disclosure. From Andy Nguyen, many thanks!

 -

Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes of stack
disclosure. From Andy Nguyen, many thanks! This is the compat code part
pointed out by ozaki-r@

diffstat:

 sys/compat/common/uipc_syscalls_40.c       |  5 +++--
 sys/compat/linux/common/linux_socket.c     |  5 +++--
 sys/compat/linux32/common/linux32_socket.c |  5 +++--
 sys/net/if.c                               |  5 +++--
 4 files changed, 12 insertions(+), 8 deletions(-)

diffs (101 lines):

diff -r cc53cf5bf3ce -r b8175b7dccb7 sys/compat/common/uipc_syscalls_40.c
--- a/sys/compat/common/uipc_syscalls_40.c      Fri Apr 19 09:10:49 2019 +0000
+++ b/sys/compat/common/uipc_syscalls_40.c      Fri Apr 19 09:12:58 2019 +0000
@@ -1,9 +1,9 @@
-/*     $NetBSD: uipc_syscalls_40.c,v 1.13.6.2 2017/12/04 13:55:00 martin Exp $ */
+/*     $NetBSD: uipc_syscalls_40.c,v 1.13.6.3 2019/04/19 09:12:58 martin Exp $ */
 
 /* written by Pavel Cahyna, 2006. Public domain. */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.13.6.2 2017/12/04 13:55:00 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.13.6.3 2019/04/19 09:12:58 martin Exp $");
 
 /*
  * System call interface to the socket abstraction.
@@ -42,6 +42,7 @@
        int bound;
        struct psref psref;
 
+       memset(&ifr, 0, sizeof(ifr));
        if (docopy) {
                space = ifc->ifc_len;
                ifrp = ifc->ifc_req;
diff -r cc53cf5bf3ce -r b8175b7dccb7 sys/compat/linux/common/linux_socket.c
--- a/sys/compat/linux/common/linux_socket.c    Fri Apr 19 09:10:49 2019 +0000
+++ b/sys/compat/linux/common/linux_socket.c    Fri Apr 19 09:12:58 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_socket.c,v 1.138.6.3 2018/12/08 12:24:18 martin Exp $    */
+/*     $NetBSD: linux_socket.c,v 1.138.6.4 2019/04/19 09:12:58 martin Exp $    */
 
 /*-
  * Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.138.6.3 2018/12/08 12:24:18 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.138.6.4 2019/04/19 09:12:58 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -1152,6 +1152,7 @@
        if (error)
                return error;
 
+       memset(&ifr, 0, sizeof(ifr));
        docopy = ifc.ifc_req != NULL;
        if (docopy) {
                space = ifc.ifc_len;
diff -r cc53cf5bf3ce -r b8175b7dccb7 sys/compat/linux32/common/linux32_socket.c
--- a/sys/compat/linux32/common/linux32_socket.c        Fri Apr 19 09:10:49 2019 +0000
+++ b/sys/compat/linux32/common/linux32_socket.c        Fri Apr 19 09:12:58 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux32_socket.c,v 1.27.6.2 2018/05/12 10:29:08 martin Exp $ */
+/*     $NetBSD: linux32_socket.c,v 1.27.6.3 2019/04/19 09:12:58 martin Exp $ */
 
 /*-
  * Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved.
@@ -33,7 +33,7 @@
 
 #include <sys/cdefs.h>
 
-__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.27.6.2 2018/05/12 10:29:08 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.27.6.3 2019/04/19 09:12:58 martin Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -431,6 +431,7 @@
        if (error)
                return error;
 
+       memset(&ifr, 0, sizeof(ifr));
        docopy = NETBSD32PTR64(ifc.ifc_req) != NULL;
        if (docopy) {
                space = ifc.ifc_len;
diff -r cc53cf5bf3ce -r b8175b7dccb7 sys/net/if.c
--- a/sys/net/if.c      Fri Apr 19 09:10:49 2019 +0000
+++ b/sys/net/if.c      Fri Apr 19 09:12:58 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if.c,v 1.394.2.15 2018/11/06 14:38:58 martin Exp $     */
+/*     $NetBSD: if.c,v 1.394.2.16 2019/04/19 09:12:58 martin Exp $     */
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.15 2018/11/06 14:38:58 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.16 2019/04/19 09:12:58 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -3323,6 +3323,7 @@
        int bound;
        struct psref psref;
 
+       memset(&ifr, 0, sizeof(ifr));
        if (docopy) {
                space = ifc->ifc_len;
                ifrp = ifc->ifc_req;



Home | Main Index | Thread Index | Old Index