[src/trunk]: src/sys/compat Fix kernel info leaks.

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/940a0fc8dbec
branches:  trunk
changeset: 995543:940a0fc8dbec
user:      maxv <maxv%NetBSD.org@localhost>
date:      Thu Dec 27 09:57:16 2018 +0000

description:
Fix kernel info leaks.

        + Possible info leak: [len=80, leaked=10]
        | #0 0xffffffff80bad7a7 in kleak_copyout
        | #1 0xffffffff8048e71b in netbsd32___msgctl50
        | #2 0xffffffff8022fb5b in netbsd32_syscall
        | #3 0xffffffff802096dd in handle_syscall

diffstat:

 sys/compat/netbsd32/netbsd32_compat_14.c |  5 +++--
 sys/compat/netbsd32/netbsd32_conv.h      |  4 +++-
 sys/compat/sys/msg.h                     |  4 +++-
 3 files changed, 9 insertions(+), 4 deletions(-)

diffs (76 lines):

diff -r 6025a7fb543d -r 940a0fc8dbec sys/compat/netbsd32/netbsd32_compat_14.c
--- a/sys/compat/netbsd32/netbsd32_compat_14.c  Thu Dec 27 09:55:27 2018 +0000
+++ b/sys/compat/netbsd32/netbsd32_compat_14.c  Thu Dec 27 09:57:16 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: netbsd32_compat_14.c,v 1.26 2016/01/07 21:58:28 joerg Exp $    */
+/*     $NetBSD: netbsd32_compat_14.c,v 1.27 2018/12/27 09:57:16 maxv Exp $     */
 
 /*
  * Copyright (c) 1999 Eduardo E. Horvath
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.26 2016/01/07 21:58:28 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.27 2018/12/27 09:57:16 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_sysv.h"
@@ -107,6 +107,7 @@
 native_to_netbsd32_msqid_ds14(struct msqid_ds *msqbuf, struct netbsd32_msqid_ds14 *omsqbuf)
 {
 
+       memset(omsqbuf, 0, sizeof(*omsqbuf));
        native_to_netbsd32_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
 
 #define        CVT(x)  omsqbuf->x = msqbuf->x
diff -r 6025a7fb543d -r 940a0fc8dbec sys/compat/netbsd32/netbsd32_conv.h
--- a/sys/compat/netbsd32/netbsd32_conv.h       Thu Dec 27 09:55:27 2018 +0000
+++ b/sys/compat/netbsd32/netbsd32_conv.h       Thu Dec 27 09:57:16 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: netbsd32_conv.h,v 1.36 2018/11/25 17:58:29 mlelstv Exp $       */
+/*     $NetBSD: netbsd32_conv.h,v 1.37 2018/12/27 09:57:16 maxv Exp $  */
 
 /*
  * Copyright (c) 1998, 2001 Matthew R. Green
@@ -555,6 +555,7 @@
     struct netbsd32_msqid_ds50 *ds32p)
 {
 
+       memset(ds32p, 0, sizeof(*ds32p));
        netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
        ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
        ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
@@ -571,6 +572,7 @@
     struct netbsd32_msqid_ds *ds32p)
 {
 
+       memset(ds32p, 0, sizeof(*ds32p));
        netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
        ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
        ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
diff -r 6025a7fb543d -r 940a0fc8dbec sys/compat/sys/msg.h
--- a/sys/compat/sys/msg.h      Thu Dec 27 09:55:27 2018 +0000
+++ b/sys/compat/sys/msg.h      Thu Dec 27 09:57:16 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: msg.h,v 1.4 2009/01/19 19:39:41 christos Exp $ */
+/*     $NetBSD: msg.h,v 1.5 2018/12/27 09:57:16 maxv Exp $     */
 
 /*
  * SVID compatible msg.h file
@@ -108,6 +108,7 @@
 __native_to_msqid_ds13(const struct msqid_ds *msqbuf, struct msqid_ds13 *omsqbuf)
 {
 
+       memset(omsqbuf, 0, sizeof(*omsqbuf));
        omsqbuf->msg_perm = msqbuf->msg_perm;
 
 #define        CVT(x)  omsqbuf->x = msqbuf->x
@@ -149,6 +150,7 @@
 __native_to_msqid_ds14(const struct msqid_ds *msqbuf, struct msqid_ds14 *omsqbuf)
 {
 
+       memset(omsqbuf, 0, sizeof(*omsqbuf));
        __native_to_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
 
 #define        CVT(x)  omsqbuf->x = msqbuf->x