From 79db6fe7aa5e7bb735eb1566f55edce75615c720 Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Thu, 22 Nov 2018 20:49:41 +0000
Subject: Plug some networking sysctl leaks.
Various network protocol sysctl handlers were not zero-filling their output buffers and thus would export uninitialized stack memory to userland. Fix a number of such handlers.
Reported by: Thomas Barabosch, Fraunhofer FKIE
Reviewed by: tuexen
MFC after: 3 days
Security: kernel memory disclosure
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18301
---
 sys/netinet/in_pcb.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'sys/netinet/in_pcb.c')
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index cd9ebec7a848..69d9fe13baaa 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2883,11 +2883,10 @@ void
 in_pcbtoxinpcb(const struct inpcb *inp, struct xinpcb *xi)
 {
+ bzero(xi, sizeof(*xi));
 xi->xi_len = sizeof(struct xinpcb);
 if (inp->inp_socket)
 sotoxsocket(inp->inp_socket, &xi->xi_socket);
- else
- bzero(&xi->xi_socket, sizeof(struct xsocket));
 bcopy(&inp->inp_inc, &xi->inp_inc, sizeof(struct in_conninfo));
 xi->inp_gencnt = inp->inp_gencnt;
 xi->inp_ppcb = (uintptr_t)inp->inp_ppcb;
--
cgit v1.2.3
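Review bot: The new `bzero(xi, sizeof(*xi));` at the top of in_pcbtoxinpcb() carries no comment saying why it must stay first and cover the whole structure, so a later cleanup could narrow it back to per-field zeroing and reopen the disclosure the commit message describes. I would add `/* xi is exported to userland: clear padding and any field not assigned below. */` above it. The next line still spells the size as `sizeof(struct xinpcb)`; writing `xi->xi_len = sizeof(*xi);` keeps both sizes tied to the same object. With the `else` branch removed, the contents of xi_socket now depend on sotoxsocket() writing only field by field into the pre-zeroed buffer, which is not visible here and is worth confirming. The function body continues past the end of the hunk.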