Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/dev/dkwedge Fix info leak: always clear 'dkw', because s...



details:   https://anonhg.NetBSD.org/src/rev/c5a9099c1664
branches:  trunk
changeset: 1000139:c5a9099c1664
user:      maxv <maxv%NetBSD.org@localhost>
date:      Tue Jul 09 17:06:46 2019 +0000

description:
Fix info leak: always clear 'dkw', because some of its (otherwise
uninitialized) fields can be copied to userland, typically in the
DIOCGWEDGEINFO ioctl.

diffstat:

 sys/dev/dkwedge/dkwedge_apple.c    |  5 +++--
 sys/dev/dkwedge/dkwedge_bsdlabel.c |  7 +++++--
 sys/dev/dkwedge/dkwedge_gpt.c      |  6 ++++--
 sys/dev/dkwedge/dkwedge_mbr.c      |  6 ++++--
 sys/dev/dkwedge/dkwedge_rdb.c      |  6 ++++--
 5 files changed, 20 insertions(+), 10 deletions(-)

diffs (135 lines):

diff -r b3f6d413068e -r c5a9099c1664 sys/dev/dkwedge/dkwedge_apple.c
--- a/sys/dev/dkwedge/dkwedge_apple.c   Tue Jul 09 16:56:24 2019 +0000
+++ b/sys/dev/dkwedge/dkwedge_apple.c   Tue Jul 09 17:06:46 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dkwedge_apple.c,v 1.4 2019/07/06 05:41:23 maxv Exp $   */
+/*     $NetBSD: dkwedge_apple.c,v 1.5 2019/07/09 17:06:46 maxv Exp $   */
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_apple.c,v 1.4 2019/07/06 05:41:23 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_apple.c,v 1.5 2019/07/09 17:06:46 maxv Exp $");
 
 #include <sys/param.h>
 #ifdef _KERNEL
@@ -225,6 +225,7 @@
                }
 
                struct dkwedge_info dkw;
+               memset(&dkw, 0, sizeof(dkw));
 
                strlcpy(dkw.dkw_ptype, ptype, sizeof(dkw.dkw_ptype));
                strlcpy(dkw.dkw_parent, pdk->dk_name, sizeof(dkw.dkw_parent));
diff -r b3f6d413068e -r c5a9099c1664 sys/dev/dkwedge/dkwedge_bsdlabel.c
--- a/sys/dev/dkwedge/dkwedge_bsdlabel.c        Tue Jul 09 16:56:24 2019 +0000
+++ b/sys/dev/dkwedge/dkwedge_bsdlabel.c        Tue Jul 09 17:06:46 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dkwedge_bsdlabel.c,v 1.23 2014/11/04 07:45:45 mlelstv Exp $    */
+/*     $NetBSD: dkwedge_bsdlabel.c,v 1.24 2019/07/09 17:06:46 maxv Exp $       */
 
 /*-
  * Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -79,7 +79,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_bsdlabel.c,v 1.23 2014/11/04 07:45:45 mlelstv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_bsdlabel.c,v 1.24 2019/07/09 17:06:46 maxv Exp $");
 
 #include <sys/param.h>
 #ifdef _KERNEL
@@ -227,6 +227,9 @@
 
                if (p->p_fstype == FS_UNUSED)
                        continue;
+
+               memset(&dkw, 0, sizeof(dkw));
+
                ptype = bsdlabel_fstype_to_str(p->p_fstype);
                if (ptype == NULL)
                        snprintf(dkw.dkw_ptype, sizeof(dkw.dkw_ptype),
diff -r b3f6d413068e -r c5a9099c1664 sys/dev/dkwedge/dkwedge_gpt.c
--- a/sys/dev/dkwedge/dkwedge_gpt.c     Tue Jul 09 16:56:24 2019 +0000
+++ b/sys/dev/dkwedge/dkwedge_gpt.c     Tue Jul 09 17:06:46 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dkwedge_gpt.c,v 1.23 2019/06/22 06:45:46 maxv Exp $    */
+/*     $NetBSD: dkwedge_gpt.c,v 1.24 2019/07/09 17:06:46 maxv Exp $    */
 
 /*-
  * Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_gpt.c,v 1.23 2019/06/22 06:45:46 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_gpt.c,v 1.24 2019/07/09 17:06:46 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -242,6 +242,8 @@
                uuid_snprintf(ent_guid_str, sizeof(ent_guid_str),
                    &ent_guid);
 
+               memset(&dkw, 0, sizeof(dkw));
+
                /* figure out the type */
                ptype = gpt_ptype_guid_to_str(&ptype_guid);
                strlcpy(dkw.dkw_ptype, ptype, sizeof(dkw.dkw_ptype));
diff -r b3f6d413068e -r c5a9099c1664 sys/dev/dkwedge/dkwedge_mbr.c
--- a/sys/dev/dkwedge/dkwedge_mbr.c     Tue Jul 09 16:56:24 2019 +0000
+++ b/sys/dev/dkwedge/dkwedge_mbr.c     Tue Jul 09 17:06:46 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dkwedge_mbr.c,v 1.10 2017/01/19 00:44:40 maya Exp $    */
+/*     $NetBSD: dkwedge_mbr.c,v 1.11 2019/07/09 17:06:46 maxv Exp $    */
 
 /*-
  * Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_mbr.c,v 1.10 2017/01/19 00:44:40 maya Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_mbr.c,v 1.11 2019/07/09 17:06:46 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -114,6 +114,8 @@
                        break;
                }
 
+               memset(&dkw, 0, sizeof(dkw));
+
                if ((ptype = mbr_ptype_to_str(dp[i].mbrp_type)) == NULL) {
                        /*
                         * XXX Should probably just add these...
diff -r b3f6d413068e -r c5a9099c1664 sys/dev/dkwedge/dkwedge_rdb.c
--- a/sys/dev/dkwedge/dkwedge_rdb.c     Tue Jul 09 16:56:24 2019 +0000
+++ b/sys/dev/dkwedge/dkwedge_rdb.c     Tue Jul 09 17:06:46 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dkwedge_rdb.c,v 1.4 2017/02/28 04:47:41 rin Exp $      */
+/*     $NetBSD: dkwedge_rdb.c,v 1.5 2019/07/09 17:06:46 maxv Exp $     */
 
 /*
  * Adapted from arch/amiga/amiga/disksubr.c:
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dkwedge_rdb.c,v 1.4 2017/02/28 04:47:41 rin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dkwedge_rdb.c,v 1.5 2019/07/09 17:06:46 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/disklabel_rdb.h>
@@ -165,6 +165,8 @@
                bp = DKW_REALLOC(bp, bufsize);
        }
 
+       memset(&dkw, 0, sizeof(dkw));
+
        strlcpy(dkw.dkw_parent, pdk->dk_name, sizeof(dkw.dkw_parent));
 
        found = root = swap = false;



Home | Main Index | Thread Index | Old Index