Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src/sys/dev Pull up following revision(s) (requested by riast...
details: https://anonhg.NetBSD.org/src/rev/5beb8c7bd6ba
branches: netbsd-8
changeset: 376549:5beb8c7bd6ba
user: martin <martin%NetBSD.org@localhost>
date: Wed Jun 21 20:48:06 2023 +0000
description:
Pull up following revision(s) (requested by riastradh in ticket #1835):
sys/dev/pci/if_iwi.c: revision 1.117
sys/dev/raidframe/rf_netbsdkintf.c: revision 1.401
sys/dev/scsipi/ses.c: revision 1.52
sys/dev/isa/mcd.c: revision 1.121
(all via patch)
sys/dev: Memset zero before copyout.
Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.
I think the iwi(4), mcd(4), and ses(4) changes actually plug leaks;
the raidframe(4) change probably doesn't (but doesn't hurt).
diffstat:
sys/dev/isa/mcd.c | 5 +++--
sys/dev/pci/if_iwi.c | 7 ++++---
sys/dev/raidframe/rf_netbsdkintf.c | 7 +++++--
sys/dev/scsipi/ses.c | 5 +++--
4 files changed, 15 insertions(+), 9 deletions(-)
diffs (123 lines):
diff -r 3e896cb1cd87 -r 5beb8c7bd6ba sys/dev/isa/mcd.c
--- a/sys/dev/isa/mcd.c Wed Jun 21 20:38:35 2023 +0000
+++ b/sys/dev/isa/mcd.c Wed Jun 21 20:48:06 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mcd.c,v 1.116.10.1 2019/11/14 16:04:31 martin Exp $ */
+/* $NetBSD: mcd.c,v 1.116.10.2 2023/06/21 20:48:07 martin Exp $ */
/*
* Copyright (c) 1993, 1994, 1995 Charles M. Hannum. All rights reserved.
@@ -56,7 +56,7 @@
/*static char COPYRIGHT[] = "mcd-driver (C)1993 by H.Veit & B.Moore";*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.116.10.1 2019/11/14 16:04:31 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.116.10.2 2023/06/21 20:48:07 martin Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1599,6 +1599,7 @@ mcd_read_subchannel(struct mcd_softc *sc
if ((error = mcd_getqchan(sc, &q, ch->data_format)) != 0)
return error;
+ memset(info, 0, sizeof(*info));
info->header.audio_status = sc->audio_status;
info->what.media_catalog.data_format = ch->data_format;
diff -r 3e896cb1cd87 -r 5beb8c7bd6ba sys/dev/pci/if_iwi.c
--- a/sys/dev/pci/if_iwi.c Wed Jun 21 20:38:35 2023 +0000
+++ b/sys/dev/pci/if_iwi.c Wed Jun 21 20:48:06 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_iwi.c,v 1.103.2.1 2017/12/10 10:10:24 snj Exp $ */
+/* $NetBSD: if_iwi.c,v 1.103.2.2 2023/06/21 20:48:06 martin Exp $ */
/* $OpenBSD: if_iwi.c,v 1.111 2010/11/15 19:11:57 damien Exp $ */
/*-
@@ -19,7 +19,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.103.2.1 2017/12/10 10:10:24 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.103.2.2 2023/06/21 20:48:06 martin Exp $");
/*-
* Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
@@ -1885,8 +1885,9 @@ iwi_get_table0(struct iwi_softc *sc, uin
{
uint32_t size, buf[128];
+ memset(buf, 0, sizeof buf);
+
if (!(sc->flags & IWI_FLAG_FW_INITED)) {
- memset(buf, 0, sizeof buf);
return copyout(buf, tbl, sizeof buf);
}
diff -r 3e896cb1cd87 -r 5beb8c7bd6ba sys/dev/raidframe/rf_netbsdkintf.c
--- a/sys/dev/raidframe/rf_netbsdkintf.c Wed Jun 21 20:38:35 2023 +0000
+++ b/sys/dev/raidframe/rf_netbsdkintf.c Wed Jun 21 20:48:06 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rf_netbsdkintf.c,v 1.350 2017/06/01 02:45:11 chs Exp $ */
+/* $NetBSD: rf_netbsdkintf.c,v 1.350.2.1 2023/06/21 20:48:06 martin Exp $ */
/*-
* Copyright (c) 1996, 1997, 1998, 2008-2011 The NetBSD Foundation, Inc.
@@ -101,7 +101,7 @@
***********************************************************/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.350 2017/06/01 02:45:11 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.350.2.1 2023/06/21 20:48:06 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@@ -1622,6 +1622,7 @@ raidioctl(dev_t dev, u_long cmd, void *d
return (0);
case RAIDFRAME_CHECK_RECON_STATUS_EXT:
progressInfoPtr = (RF_ProgressInfo_t **) data;
+ memset(&progressInfo, 0, sizeof(progressInfo));
if (raidPtr->status != rf_rs_reconstructing) {
progressInfo.remaining = 0;
progressInfo.completed = 100;
@@ -1656,6 +1657,7 @@ raidioctl(dev_t dev, u_long cmd, void *d
case RAIDFRAME_CHECK_PARITYREWRITE_STATUS_EXT:
progressInfoPtr = (RF_ProgressInfo_t **) data;
+ memset(&progressInfo, 0, sizeof(progressInfo));
if (raidPtr->parity_rewrite_in_progress == 1) {
progressInfo.total = raidPtr->Layout.numStripe;
progressInfo.completed =
@@ -1687,6 +1689,7 @@ raidioctl(dev_t dev, u_long cmd, void *d
case RAIDFRAME_CHECK_COPYBACK_STATUS_EXT:
progressInfoPtr = (RF_ProgressInfo_t **) data;
+ memset(&progressInfo, 0, sizeof(progressInfo));
if (raidPtr->copyback_in_progress == 1) {
progressInfo.total = raidPtr->Layout.numStripe;
progressInfo.completed =
diff -r 3e896cb1cd87 -r 5beb8c7bd6ba sys/dev/scsipi/ses.c
--- a/sys/dev/scsipi/ses.c Wed Jun 21 20:38:35 2023 +0000
+++ b/sys/dev/scsipi/ses.c Wed Jun 21 20:48:06 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ses.c,v 1.50 2016/11/20 15:37:19 mlelstv Exp $ */
+/* $NetBSD: ses.c,v 1.50.8.1 2023/06/21 20:48:07 martin Exp $ */
/*
* Copyright (C) 2000 National Aeronautics & Space Administration
* All rights reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.50 2016/11/20 15:37:19 mlelstv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.50.8.1 2023/06/21 20:48:07 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_scsi.h"
@@ -415,6 +415,7 @@ sesioctl(dev_t dev, u_long cmd, void *ar
case SESIOC_GETOBJMAP:
if (addr == NULL)
return EINVAL;
+ memset(&obj, 0, sizeof(obj));
for (uobj = addr, i = 0; i != ssc->ses_nobjects; i++, uobj++) {
obj.obj_id = i;
obj.subencid = ssc->ses_objmap[i].subenclosure;
Home |
Main Index |
Thread Index |
Old Index