diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2005-04-15 01:52:40 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2005-04-15 01:52:40 +0000 |
commit | fbd24c5ed637a1750fabcb16f6e52a663a3b397b (patch) | |
tree | 49479b437ab1c9c40b2d81d82d0e579080680df9 /sys/net/if.c | |
parent | 27a2f39bcfa23e75480d78312469231230545db5 (diff) | |
download | src-fbd24c5ed637a1750fabcb16f6e52a663a3b397b.tar.gz src-fbd24c5ed637a1750fabcb16f6e52a663a3b397b.zip |
Zero the ifr.ifr_name buffer in ifconf() in order to avoid
accidental disclosure of kernel memory to userland.
Security: FreeBSD-SA-05:04.ifconf
Notes
Notes:
svn path=/head/; revision=145095
Diffstat (limited to 'sys/net/if.c')
-rw-r--r-- | sys/net/if.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/net/if.c b/sys/net/if.c index 9a717c84926e..192a0382defc 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1596,6 +1596,12 @@ again: TAILQ_FOREACH(ifp, &ifnet, if_link) { int addrs; + /* + * Zero the ifr_name buffer to make sure we don't + * disclose the contents of the stack. + */ + memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name)); + if (strlcpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name)) >= sizeof(ifr.ifr_name)) return (ENAMETOOLONG); |