[src/trunk]: src/sys/altq Zero buffers copied to userland to avoid stack disc...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/altq Zero buffers copied to userland to avoid stack disc...
From: riastradh <riastradh%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 08:31:57 +0000

details:   https://anonhg.NetBSD.org/src/rev/f8797df4e59c
branches:  trunk
changeset: 825685:f8797df4e59c
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Fri Jul 28 13:53:17 2017 +0000

description:
Zero buffers copied to userland to avoid stack disclosure.

>From Ilja Van Sprundel.

diffstat:

 sys/altq/altq_cbq.c  |  6 ++++--
 sys/altq/altq_hfsc.c |  5 +++--
 sys/altq/altq_jobs.c |  7 +++----
 sys/altq/altq_priq.c |  5 +++--
 4 files changed, 13 insertions(+), 10 deletions(-)

diffs (116 lines):

diff -r 6d2072187fff -r f8797df4e59c sys/altq/altq_cbq.c
--- a/sys/altq/altq_cbq.c       Fri Jul 28 13:23:01 2017 +0000
+++ b/sys/altq/altq_cbq.c       Fri Jul 28 13:53:17 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: altq_cbq.c,v 1.30 2016/06/20 08:30:58 knakahara Exp $  */
+/*     $NetBSD: altq_cbq.c,v 1.31 2017/07/28 13:53:17 riastradh Exp $  */
 /*     $KAME: altq_cbq.c,v 1.21 2005/04/13 03:44:24 suz Exp $  */
 
 /*
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.30 2016/06/20 08:30:58 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.31 2017/07/28 13:53:17 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq.h"
@@ -471,6 +471,7 @@
        if (*nbytes < sizeof(stats))
                return (EINVAL);
 
+       memset(&stats, 0, sizeof(stats));
        get_class_stats(&stats, cl);
 
        if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
@@ -880,6 +881,7 @@
                        if (++i >= CBQ_MAX_CLASSES)
                                goto out;
 
+               memset(&stats, 0, sizeof(stats));
                get_class_stats(&stats, cl);
                stats.handle = cl->stats_.handle;
 
diff -r 6d2072187fff -r f8797df4e59c sys/altq/altq_hfsc.c
--- a/sys/altq/altq_hfsc.c      Fri Jul 28 13:23:01 2017 +0000
+++ b/sys/altq/altq_hfsc.c      Fri Jul 28 13:53:17 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: altq_hfsc.c,v 1.26 2016/04/20 08:58:48 knakahara Exp $ */
+/*     $NetBSD: altq_hfsc.c,v 1.27 2017/07/28 13:53:17 riastradh Exp $ */
 /*     $KAME: altq_hfsc.c,v 1.26 2005/04/13 03:44:24 suz Exp $ */
 
 /*
@@ -43,7 +43,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.26 2016/04/20 08:58:48 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.27 2017/07/28 13:53:17 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq.h"
@@ -312,6 +312,7 @@
        if (*nbytes < sizeof(stats))
                return (EINVAL);
 
+       memset(&stats, 0, sizeof(stats));
        get_class_stats(&stats, cl);
 
        if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
diff -r 6d2072187fff -r f8797df4e59c sys/altq/altq_jobs.c
--- a/sys/altq/altq_jobs.c      Fri Jul 28 13:23:01 2017 +0000
+++ b/sys/altq/altq_jobs.c      Fri Jul 28 13:53:17 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: altq_jobs.c,v 1.10 2016/11/21 07:15:36 dholland Exp $  */
+/*     $NetBSD: altq_jobs.c,v 1.11 2017/07/28 13:53:17 riastradh Exp $ */
 /*     $KAME: altq_jobs.c,v 1.11 2005/04/13 03:44:25 suz Exp $ */
 /*
  * Copyright (c) 2001, the Rector and Board of Visitors of the
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.10 2016/11/21 07:15:36 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.11 2017/07/28 13:53:17 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq.h"
@@ -2110,10 +2110,9 @@
        usp = ap->stats;
        for (pri = 0; pri <= jif->jif_maxpri; pri++) {
                cl = jif->jif_classes[pri];
+               (void)memset(&stats, 0, sizeof(stats));
                if (cl != NULL)
                        get_class_stats(&stats, cl);
-               else
-                       (void)memset(&stats, 0, sizeof(stats));
                if ((error = copyout((void *)&stats, (void *)usp++,
                                     sizeof(stats))) != 0)
                        return (error);
diff -r 6d2072187fff -r f8797df4e59c sys/altq/altq_priq.c
--- a/sys/altq/altq_priq.c      Fri Jul 28 13:23:01 2017 +0000
+++ b/sys/altq/altq_priq.c      Fri Jul 28 13:53:17 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: altq_priq.c,v 1.23 2016/04/20 08:58:48 knakahara Exp $ */
+/*     $NetBSD: altq_priq.c,v 1.24 2017/07/28 13:53:17 riastradh Exp $ */
 /*     $KAME: altq_priq.c,v 1.13 2005/04/13 03:44:25 suz Exp $ */
 /*
  * Copyright (C) 2000-2003
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_priq.c,v 1.23 2016/04/20 08:58:48 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_priq.c,v 1.24 2017/07/28 13:53:17 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq.h"
@@ -219,6 +219,7 @@
        if (*nbytes < sizeof(stats))
                return (EINVAL);
 
+       memset(&stats, 0, sizeof(stats));
        get_class_stats(&stats, cl);
 
        if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)

Prev by Date: [src/trunk]: src/sys/altq Reject negative indices.
Next by Date: [src/trunk]: src/sys/arch/i386/conf Disable vm86 by default. The use case is ...
Previous by Thread: [src/trunk]: src/sys/altq Reject negative indices.
Next by Thread: [src/trunk]: src/sys/arch/i386/conf Disable vm86 by default. The use case is ...
Indexes:

Home | Main Index | Thread Index | Old Index