aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2018-09-27 18:36:30 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2018-09-27 18:36:30 +0000
commitd869f4ade283f4691dc249e435376a5883824be2 (patch)
treedb2466a76015e9b5cc1005870b4f8f2d45b7d99b
parente106753b247571ad73522292efb4403a6e2cb166 (diff)
downloadsrc-releng/10.4.tar.gz
src-releng/10.4.zip
Fix small kernel memory disclosures. [EN-18:12.mem]releng/10.4
Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:12.mem Security: CVE-2018-17155
Notes
Notes: svn path=/releng/10.4/; revision=338981
-rw-r--r--sys/kern/kern_context.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/kern/kern_context.c b/sys/kern/kern_context.c
index 70751d02cba8..acd3ded2a20c 100644
--- a/sys/kern/kern_context.c
+++ b/sys/kern/kern_context.c
@@ -68,6 +68,7 @@ sys_getcontext(struct thread *td, struct getcontext_args *uap)
if (uap->ucp == NULL)
ret = EINVAL;
else {
+ bzero(&uc, sizeof(ucontext_t));
get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;
@@ -108,6 +109,7 @@ sys_swapcontext(struct thread *td, struct swapcontext_args *uap)
if (uap->oucp == NULL || uap->ucp == NULL)
ret = EINVAL;
else {
+ bzero(&uc, sizeof(ucontext_t));
get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
bzero(uc.__spare__, sizeof(uc.__spare__));
PROC_LOCK(td->td_proc);