Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-9]: src/sys/dev Pull up following revision(s) (requested by riast...
details: https://anonhg.NetBSD.org/src/rev/78759ecca11c
branches: netbsd-9
changeset: 368767:78759ecca11c
user: martin <martin%NetBSD.org@localhost>
date: Wed Aug 03 10:55:44 2022 +0000
description:
Pull up following revision(s) (requested by riastradh in ticket #1485):
sys/dev/pci/if_iwi.c: revision 1.117
sys/dev/raidframe/rf_netbsdkintf.c: revision 1.401
sys/dev/scsipi/ses.c: revision 1.52
sys/dev/isa/mcd.c: revision 1.121
sys/dev: Memset zero before copyout.
Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.
I think the iwi(4), mcd(4), and ses(4) changes actually plug leaks;
the raidframe(4) change probably doesn't (but doesn't hurt).
diffstat:
sys/dev/isa/mcd.c | 5 +++--
sys/dev/pci/if_iwi.c | 7 ++++---
sys/dev/raidframe/rf_netbsdkintf.c | 10 ++++++++--
sys/dev/scsipi/ses.c | 5 +++--
4 files changed, 18 insertions(+), 9 deletions(-)
diffs (126 lines):
diff -r b9fb485749c1 -r 78759ecca11c sys/dev/isa/mcd.c
--- a/sys/dev/isa/mcd.c Wed Aug 03 10:42:02 2022 +0000
+++ b/sys/dev/isa/mcd.c Wed Aug 03 10:55:44 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mcd.c,v 1.118.4.1 2019/11/14 15:38:02 martin Exp $ */
+/* $NetBSD: mcd.c,v 1.118.4.2 2022/08/03 10:55:45 martin Exp $ */
/*
* Copyright (c) 1993, 1994, 1995 Charles M. Hannum. All rights reserved.
@@ -56,7 +56,7 @@
/*static char COPYRIGHT[] = "mcd-driver (C)1993 by H.Veit & B.Moore";*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.118.4.1 2019/11/14 15:38:02 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.118.4.2 2022/08/03 10:55:45 martin Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1601,6 +1601,7 @@
if ((error = mcd_getqchan(sc, &q, ch->data_format)) != 0)
return error;
+ memset(info, 0, sizeof(*info));
info->header.audio_status = sc->audio_status;
info->what.media_catalog.data_format = ch->data_format;
diff -r b9fb485749c1 -r 78759ecca11c sys/dev/pci/if_iwi.c
--- a/sys/dev/pci/if_iwi.c Wed Aug 03 10:42:02 2022 +0000
+++ b/sys/dev/pci/if_iwi.c Wed Aug 03 10:55:44 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_iwi.c,v 1.111 2019/02/03 03:19:27 mrg Exp $ */
+/* $NetBSD: if_iwi.c,v 1.111.4.1 2022/08/03 10:55:44 martin Exp $ */
/* $OpenBSD: if_iwi.c,v 1.111 2010/11/15 19:11:57 damien Exp $ */
/*-
@@ -19,7 +19,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.111 2019/02/03 03:19:27 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.111.4.1 2022/08/03 10:55:44 martin Exp $");
/*-
* Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
@@ -1875,8 +1875,9 @@
{
uint32_t size, buf[128];
+ memset(buf, 0, sizeof buf);
+
if (!(sc->flags & IWI_FLAG_FW_INITED)) {
- memset(buf, 0, sizeof buf);
return copyout(buf, tbl, sizeof buf);
}
diff -r b9fb485749c1 -r 78759ecca11c sys/dev/raidframe/rf_netbsdkintf.c
--- a/sys/dev/raidframe/rf_netbsdkintf.c Wed Aug 03 10:42:02 2022 +0000
+++ b/sys/dev/raidframe/rf_netbsdkintf.c Wed Aug 03 10:55:44 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rf_netbsdkintf.c,v 1.376.4.1 2020/03/21 15:52:09 martin Exp $ */
+/* $NetBSD: rf_netbsdkintf.c,v 1.376.4.2 2022/08/03 10:55:45 martin Exp $ */
/*-
* Copyright (c) 1996, 1997, 1998, 2008-2011 The NetBSD Foundation, Inc.
@@ -101,7 +101,7 @@
***********************************************************/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.376.4.1 2020/03/21 15:52:09 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.376.4.2 2022/08/03 10:55:45 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_raid_autoconfig.h"
@@ -3748,6 +3748,8 @@
rf_check_recon_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
{
+ memset(info, 0, sizeof(*info));
+
if (raidPtr->status != rf_rs_reconstructing) {
info->total = 100;
info->completed = 100;
@@ -3763,6 +3765,8 @@
rf_check_parityrewrite_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
{
+ memset(info, 0, sizeof(*info));
+
if (raidPtr->parity_rewrite_in_progress == 1) {
info->total = raidPtr->Layout.numStripe;
info->completed = raidPtr->parity_rewrite_stripes_done;
@@ -3778,6 +3782,8 @@
rf_check_copyback_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
{
+ memset(info, 0, sizeof(*info));
+
if (raidPtr->copyback_in_progress == 1) {
info->total = raidPtr->Layout.numStripe;
info->completed = raidPtr->copyback_stripes_done;
diff -r b9fb485749c1 -r 78759ecca11c sys/dev/scsipi/ses.c
--- a/sys/dev/scsipi/ses.c Wed Aug 03 10:42:02 2022 +0000
+++ b/sys/dev/scsipi/ses.c Wed Aug 03 10:55:44 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $ */
+/* $NetBSD: ses.c,v 1.51.4.1 2022/08/03 10:55:45 martin Exp $ */
/*
* Copyright (C) 2000 National Aeronautics & Space Administration
* All rights reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.51.4.1 2022/08/03 10:55:45 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_scsi.h"
@@ -415,6 +415,7 @@
case SESIOC_GETOBJMAP:
if (addr == NULL)
return EINVAL;
+ memset(&obj, 0, sizeof(obj));
for (uobj = addr, i = 0; i != ssc->ses_nobjects; i++, uobj++) {
obj.obj_id = i;
obj.subencid = ssc->ses_objmap[i].subenclosure;
Home |
Main Index |
Thread Index |
Old Index