Module Name: src Committed By: riastradh Date: Fri Jul 1 22:30:51 UTC 2022
Modified Files: src/sys/kern: uipc_syscalls.c Log Message: sendto(2), recvfrom(2): Scrub internal struct msghdr on stack. Otherwise this is kernel stack disclosure via ktrace. Reported-by: syzbot+1d40303b310063778...@syzkaller.appspotmail.com To generate a diff of this commit: cvs rdiff -u -r1.205 -r1.206 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.205 src/sys/kern/uipc_syscalls.c:1.206 --- src/sys/kern/uipc_syscalls.c:1.205 Wed Jun 29 22:27:12 2022 +++ src/sys/kern/uipc_syscalls.c Fri Jul 1 22:30:51 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.205 2022/06/29 22:27:12 riastradh Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.206 2022/07/01 22:30:51 riastradh Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.205 2022/06/29 22:27:12 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.206 2022/07/01 22:30:51 riastradh Exp $"); #ifdef _KERNEL_OPT #include "opt_pipe.h" @@ -498,7 +498,7 @@ sys_sendto(struct lwp *l, const struct s syscallarg(const struct sockaddr *) to; syscallarg(unsigned int) tolen; } */ - struct msghdr msg; + struct msghdr msg = {0}; struct iovec aiov; msg.msg_name = __UNCONST(SCARG(uap, to)); /* XXXUNCONST kills const */ @@ -694,7 +694,7 @@ sys_recvfrom(struct lwp *l, const struct syscallarg(struct sockaddr *) from; syscallarg(unsigned int *) fromlenaddr; } */ - struct msghdr msg; + struct msghdr msg = {0}; struct iovec aiov; int error; struct mbuf *from;
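Review bot: `struct msghdr msg = {0};` in sys_sendto (and the identical change in the sys_recvfrom hunk) zeroes every member, but C does not clearly guarantee that a brace initializer also clears the padding bytes of an automatic struct. struct msghdr mixes pointers with int-sized fields, so on LP64 it likely has interior padding; if the ktrace path named in the log copies the struct by `sizeof` (not visible in these hunks), that padding could still carry stale stack contents. Keeping `struct msghdr msg;` and adding `memset(&msg, 0, sizeof(msg));` before the first field assignment scrubs the whole object regardless of compiler behaviour. A short comment such as `/* scrub whole struct, padding included: it is copied out to ktrace */` would record why the initialisation must stay. Both function bodies continue outside the hunks, so the later field assignments and the actual copy-out cannot be confirmed from here.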