diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2018-11-22 20:49:41 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2018-11-22 20:49:41 +0000 |
| commit | 79db6fe7aa5e7bb735eb1566f55edce75615c720 (patch) | |
| tree | 2626d0322d4e98de7450cdeeacf42a2b9cf3d8c6 /sys/netinet/in_pcb.c | |
| parent | ad2be389414d64b79144d637a843d96757b90b26 (diff) | |
| download | src-79db6fe7aa5e7bb735eb1566f55edce75615c720.tar.gz src-79db6fe7aa5e7bb735eb1566f55edce75615c720.zip | |
Plug some networking sysctl leaks.
Various network protocol sysctl handlers were not zero-filling their
output buffers and thus would export uninitialized stack memory to
userland. Fix a number of such handlers.
Reported by: Thomas Barabosch, Fraunhofer FKIE
Reviewed by: tuexen
MFC after: 3 days
Security: kernel memory disclosure
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18301
Notes
Notes:
svn path=/head/; revision=340783
Diffstat (limited to 'sys/netinet/in_pcb.c')
| -rw-r--r-- | sys/netinet/in_pcb.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index cd9ebec7a848..69d9fe13baaa 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -2883,11 +2883,10 @@ void in_pcbtoxinpcb(const struct inpcb *inp, struct xinpcb *xi) { + bzero(xi, sizeof(*xi)); xi->xi_len = sizeof(struct xinpcb); if (inp->inp_socket) sotoxsocket(inp->inp_socket, &xi->xi_socket); - else - bzero(&xi->xi_socket, sizeof(struct xsocket)); bcopy(&inp->inp_inc, &xi->inp_inc, sizeof(struct in_conninfo)); xi->inp_gencnt = inp->inp_gencnt; xi->inp_ppcb = (uintptr_t)inp->inp_ppcb; |