diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2022-03-29 14:48:00 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2022-03-29 20:18:07 +0000 |
| commit | d3aef2d8fc89def105f84dca7f35a901d861539c (patch) | |
| tree | 0bf4e99e7f7a4b95fbb646a818d4145da766ef69 /sys/compat | |
| parent | 95dc524228934e434236bb58d7e945703d2e037d (diff) | |
| download | src-d3aef2d8fc89def105f84dca7f35a901d861539c.tar.gz src-d3aef2d8fc89def105f84dca7f35a901d861539c.zip | |
Avoid kernel stack disclosure in compat32 stat
copy_stat and copy_ostat used by 32-bit compat *stat calls left spare
and padding bytes uninitialized.
This issue does not exist in stable/12 and later as it was incidentally
addressed as part of the 64-bit inode project.
Reported by: Reno Robert of Trend Micro Zero Day Initiative
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34706
Diffstat (limited to 'sys/compat')
| -rw-r--r-- | sys/compat/freebsd32/freebsd32_misc.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c index d19050944aae..81fed2a8fc4e 100644 --- a/sys/compat/freebsd32/freebsd32_misc.c +++ b/sys/compat/freebsd32/freebsd32_misc.c @@ -1780,6 +1780,7 @@ static void copy_stat(struct stat *in, struct stat32 *out) { + bzero(out, sizeof(*out)); CP(*in, *out, st_dev); CP(*in, *out, st_ino); CP(*in, *out, st_mode); @@ -1803,6 +1804,7 @@ static void copy_ostat(struct stat *in, struct ostat32 *out) { + bzero(out, sizeof(*out)); CP(*in, *out, st_dev); CP(*in, *out, st_ino); CP(*in, *out, st_mode); |