diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2023-12-11 14:19:09 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2023-12-11 14:19:09 +0000 |
| commit | 3c0fb026b2fc998fa9bea8aed76e96c58671aee3 (patch) | |
| tree | df699884fb37db76cb7a9136bbbb367c90ea3e5e | |
| parent | ce2f34ade8b787b068085fa8a8ddd295b06c2737 (diff) | |
| download | src-3c0fb026b2fc998fa9bea8aed76e96c58671aee3.tar.gz src-3c0fb026b2fc998fa9bea8aed76e96c58671aee3.zip | |
tty: Avoid a kernel memory discloure via kern.ttys
Four pad bytes at the end of each xtty structure were not being cleared
before being copied out. Fix this by clearing the whole structure
before populating fields.
MFC after: 3 days
Reported by: KMSAN
| -rw-r--r-- | sys/kern/tty.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 620233947410..e051c66ab0c9 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt) tty_assert_locked(tp); + memset(xt, 0, sizeof(*xt)); xt->xt_size = sizeof(struct xtty); xt->xt_insize = ttyinq_getsize(&tp->t_inq); xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq); |