> On Jan 31, 2021, at 7:25 AM, Andrea Venturoli <m...@netfence.it> wrote:
>
> On 1/31/21 12:29 PM, Miroslav Lachman wrote:
>
>>> Several file systems were not properly initializing the d_off field of
>>> the dirent structures returned by VOP_READDIR. In particular, tmpfs(5),
>>> smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result,
>>> eight uninitialized kernel stack bytes may be leaked to userspace by
>>> these file systems. This problem is not present in FreeBSD 11.
>> There is a Corrected in: stable/11, 11.4-STABLE and releng/11.4,
>> 11.4-RELEASE-p7, but later is a statement "This problem is not present in
>> FreeBSD 11".
>> What is true? Is it fixed in newer patchlevel of FreeBSD 11.4 or it was not
>> present in 11.x at all?
>
> My understanding is that the problem described in that paragraph does not
> affect 11.x, but the next one does (and is "Corrected...").
>
> I.e. 11.x is affected by:
>
>> Additionally, msdosfs(5) was failing to zero-fill a pair of padding
>> fields in the dirent structure, resulting in a leak of three
>> uninitialized bytes.
>
>
> Is that right?

This is correct. If you look at the patch cited for 11.x, it only has a fix applied to msdosfs(5).

Best regards,
Gordon
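An added illustration of the two leaks discussed in this thread, not code from the advisory or the FreeBSD tree: `struct model_dirent`, the 0xA5 stale marker and all function names are constructed assumptions, with field names following the advisory's wording. It counts how many stale bytes survive in a record when d_off or the padding fields are skipped, and shows that zeroing the record first removes both.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for old kernel stack contents */

/* Constructed model of a directory entry, not FreeBSD's header. */
struct model_dirent {
    uint64_t d_fileno;
    int64_t  d_off;    /* 8 bytes */
    uint16_t d_reclen;
    uint8_t  d_type;
    uint8_t  d_pad0;   /* 1 byte of padding */
    uint16_t d_namlen;
    uint16_t d_pad1;   /* 2 bytes of padding */
    char     d_name[8];
};
_Static_assert(sizeof(struct model_dirent) == 32, "model has no compiler padding");

/* Fields every model file system fills in; the name buffer is fully written. */
static void set_common(struct model_dirent *d) {
    d->d_fileno = 42;
    d->d_reclen = (uint16_t)sizeof(*d);
    d->d_type = 8;
    d->d_namlen = 4;
    memset(d->d_name, 0, sizeof(d->d_name));
    memcpy(d->d_name, "file", 4);
}
/* d_off never written: the first case quoted from the advisory. */
static void fill_no_off(struct model_dirent *d) { set_common(d); d->d_pad0 = 0; d->d_pad1 = 0; }
/* Padding fields never written: the msdosfs case. */
static void fill_no_pad(struct model_dirent *d) { set_common(d); d->d_off = 1; }
/* Hardened form: zero the whole record before filling it. */
static void fill_zeroed(struct model_dirent *d) { memset(d, 0, sizeof(*d)); set_common(d); d->d_off = 1; }

/* Poison a record, fill it, then count stale bytes that would be copied out. */
static size_t leaked_bytes(void (*fill)(struct model_dirent *)) {
    struct model_dirent d;
    const unsigned char *p = (const unsigned char *)&d;
    size_t i, n = 0;
    memset(&d, STALE, sizeof(d));
    fill(&d);
    for (i = 0; i < sizeof(d); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void) {
    printf("no d_off: %zu, no padding: %zu, zeroed: %zu\n",
           leaked_bytes(fill_no_off), leaked_bytes(fill_no_pad), leaked_bytes(fill_zeroed));
    return 0;
}
```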