diff options
author | Mark Johnston <markj@FreeBSD.org> | 2018-11-22 20:49:41 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2018-11-22 20:49:41 +0000 |
commit | 79db6fe7aa5e7bb735eb1566f55edce75615c720 (patch) | |
tree | 2626d0322d4e98de7450cdeeacf42a2b9cf3d8c6 /sys/netinet6 | |
parent | ad2be389414d64b79144d637a843d96757b90b26 (diff) | |
download | src-79db6fe7aa5e7bb735eb1566f55edce75615c720.tar.gz src-79db6fe7aa5e7bb735eb1566f55edce75615c720.zip |
Plug some networking sysctl leaks.
Various network protocol sysctl handlers were not zero-filling their
output buffers and thus would export uninitialized stack memory to
userland. Fix a number of such handlers.
Reported by: Thomas Barabosch, Fraunhofer FKIE
Reviewed by: tuexen
MFC after: 3 days
Security: kernel memory disclosure
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18301
Notes
Notes:
svn path=/head/; revision=340783
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ip6_mroute.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 9bbcc9ee85fa..87b6a1f323fe 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -203,7 +203,8 @@ sysctl_mif6table(SYSCTL_HANDLER_ARGS) struct mif6_sctl *out; int error; - out = malloc(sizeof(struct mif6_sctl) * MAXMIFS, M_TEMP, M_WAITOK); + out = malloc(sizeof(struct mif6_sctl) * MAXMIFS, M_TEMP, + M_WAITOK | M_ZERO); for (int i = 0; i < MAXMIFS; i++) { out[i].m6_flags = mif6table[i].m6_flags; out[i].m6_rate_limit = mif6table[i].m6_rate_limit; |