
[src/trunk]: src/sys/dev sys/dev: Memset zero before copyout.



details:   https://anonhg.NetBSD.org/src/rev/c419156eb90d
branches:  trunk
changeset: 985824:c419156eb90d
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Thu Sep 09 23:26:36 2021 +0000

description:
sys/dev: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure.  If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.

I think the iwi(4), mcd(4), and ses(4) changes actually plug leaks;
the raidframe(4) change probably doesn't (but doesn't hurt).

diffstat:

 sys/dev/isa/mcd.c                  |   5 +++--
 sys/dev/pci/if_iwi.c               |   7 ++++---
 sys/dev/raidframe/rf_netbsdkintf.c |  10 ++++++++--
 sys/dev/scsipi/ses.c               |   5 +++--
 4 files changed, 18 insertions(+), 9 deletions(-)

diffs (126 lines):

diff -r dc4c2c6b6dc3 -r c419156eb90d sys/dev/isa/mcd.c
--- a/sys/dev/isa/mcd.c Thu Sep 09 21:47:47 2021 +0000
+++ b/sys/dev/isa/mcd.c Thu Sep 09 23:26:36 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: mcd.c,v 1.120 2020/02/24 12:20:29 rin Exp $    */
+/*     $NetBSD: mcd.c,v 1.121 2021/09/09 23:26:36 riastradh Exp $      */
 
 /*
  * Copyright (c) 1993, 1994, 1995 Charles M. Hannum.  All rights reserved.
@@ -56,7 +56,7 @@
 /*static char COPYRIGHT[] = "mcd-driver (C)1993 by H.Veit & B.Moore";*/
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.120 2020/02/24 12:20:29 rin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.121 2021/09/09 23:26:36 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1601,6 +1601,7 @@
        if ((error = mcd_getqchan(sc, &q, ch->data_format)) != 0)
                return error;
 
+       memset(info, 0, sizeof(*info));
        info->header.audio_status = sc->audio_status;
        info->what.media_catalog.data_format = ch->data_format;
 
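Review bot: The added `memset(info, 0, sizeof(*info));` runs only after the `mcd_getqchan` error return, so on that path (and on any earlier return above the hunk, which is not visible) `*info` is left exactly as the caller passed it. If a caller copies the structure out without checking the return value, the padding this commit is meant to clear would still reach userland; the callers are outside this hunk, so that is unverified. Moving the memset to the first statement of the function, as the rf_netbsdkintf.c hunks do, removes the dependency on caller behaviour. The function starts and ends outside the hunk.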
diff -r dc4c2c6b6dc3 -r c419156eb90d sys/dev/pci/if_iwi.c
--- a/sys/dev/pci/if_iwi.c      Thu Sep 09 21:47:47 2021 +0000
+++ b/sys/dev/pci/if_iwi.c      Thu Sep 09 23:26:36 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_iwi.c,v 1.116 2021/06/16 00:21:18 riastradh Exp $  */
+/*     $NetBSD: if_iwi.c,v 1.117 2021/09/09 23:26:36 riastradh Exp $  */
 /*     $OpenBSD: if_iwi.c,v 1.111 2010/11/15 19:11:57 damien Exp $     */
 
 /*-
@@ -19,7 +19,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.116 2021/06/16 00:21:18 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.117 2021/09/09 23:26:36 riastradh Exp $");
 
 /*-
  * Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
@@ -1870,8 +1870,9 @@
 {
        uint32_t size, buf[128];
 
+       memset(buf, 0, sizeof buf);
+
        if (!(sc->flags & IWI_FLAG_FW_INITED)) {
-               memset(buf, 0, sizeof buf);
                return copyout(buf, tbl, sizeof buf);
        }
 
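Review bot: The now-unconditional `memset(buf, 0, sizeof buf);` has no comment saying why it must cover both paths, and the same holds for the memset lines added in mcd.c, rf_netbsdkintf.c and ses.c. The visible branch copies out all of `sizeof buf`; if the path below the hunk does the same after filling only part of the array (not visible here), a later cleanup could move the call back into the branch and reopen the stack disclosure. A one-line comment such as `/* Zero all of buf: it is copied out whole, so unset words would disclose kernel stack. */` would pin the intent. The function body continues past the hunk.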
diff -r dc4c2c6b6dc3 -r c419156eb90d sys/dev/raidframe/rf_netbsdkintf.c
--- a/sys/dev/raidframe/rf_netbsdkintf.c        Thu Sep 09 21:47:47 2021 +0000
+++ b/sys/dev/raidframe/rf_netbsdkintf.c        Thu Sep 09 23:26:36 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: rf_netbsdkintf.c,v 1.400 2021/08/28 16:00:52 oster Exp $       */
+/*     $NetBSD: rf_netbsdkintf.c,v 1.401 2021/09/09 23:26:37 riastradh Exp $   */
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 2008-2011 The NetBSD Foundation, Inc.
@@ -101,7 +101,7 @@
  ***********************************************************/
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.400 2021/08/28 16:00:52 oster Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.401 2021/09/09 23:26:37 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_raid_autoconfig.h"
@@ -3859,6 +3859,8 @@
 rf_check_recon_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
 {
 
+       memset(info, 0, sizeof(*info));
+
        if (raidPtr->status != rf_rs_reconstructing) {
                info->total = 100;
                info->completed = 100;
@@ -3874,6 +3876,8 @@
 rf_check_parityrewrite_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
 {
 
+       memset(info, 0, sizeof(*info));
+
        if (raidPtr->parity_rewrite_in_progress == 1) {
                info->total = raidPtr->Layout.numStripe;
                info->completed = raidPtr->parity_rewrite_stripes_done;
@@ -3889,6 +3893,8 @@
 rf_check_copyback_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
 {
 
+       memset(info, 0, sizeof(*info));
+
        if (raidPtr->copyback_in_progress == 1) {
                info->total = raidPtr->Layout.numStripe;
                info->completed = raidPtr->copyback_stripes_done;
diff -r dc4c2c6b6dc3 -r c419156eb90d sys/dev/scsipi/ses.c
--- a/sys/dev/scsipi/ses.c      Thu Sep 09 21:47:47 2021 +0000
+++ b/sys/dev/scsipi/ses.c      Thu Sep 09 23:26:36 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $ */
+/*     $NetBSD: ses.c,v 1.52 2021/09/09 23:26:37 riastradh Exp $ */
 /*
  * Copyright (C) 2000 National Aeronautics & Space Administration
  * All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.52 2021/09/09 23:26:37 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_scsi.h"
@@ -415,6 +415,7 @@
        case SESIOC_GETOBJMAP:
                if (addr == NULL)
                        return EINVAL;
+               memset(&obj, 0, sizeof(obj));
                for (uobj = addr, i = 0; i != ssc->ses_nobjects; i++, uobj++) {
                        obj.obj_id = i;
                        obj.subencid = ssc->ses_objmap[i].subenclosure;
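Review bot: `memset(&obj, 0, sizeof(obj));` is placed once before the loop, while `obj` is reused on every iteration and, judging by `uobj++`, is presumably copied out each time; the loop body continues outside the hunk. The zeroing therefore has to survive the member stores of every earlier iteration, and C leaves padding bytes unspecified after a store to a member. Making it the first statement of the loop body, `memset(&obj, 0, sizeof(obj));` directly before `obj.obj_id = i;`, gives each copied-out object a freshly cleared representation at the cost of one small memset per object.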


