Author: markj
Date: Thu Jul  9 17:26:49 2020
New Revision: 363051
URL: https://svnweb.freebsd.org/changeset/base/363051

Log:
  Avoid copying out kernel pointers from msgctl(IPC_STAT).
  
  While this behaviour is harmless, it is really just an artifact of the
  fact that the msgctl(2) implementation uses a user-visible structure as
  part of the internal implementation, so it is not deliberate and these
  pointers are not useful to userspace.  Thus, NULL them out before
  copying out, and remove references to them from the manual page.
  
  Reported by:  Jeffball <jeffb...@grimm-co.com>
  Reviewed by:  emaste, kib
  MFC after:    1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision:        https://reviews.freebsd.org/D25600

Modified:
  head/lib/libc/sys/msgctl.2
  head/sys/kern/sysv_msg.c

Modified: head/lib/libc/sys/msgctl.2
==============================================================================
--- head/lib/libc/sys/msgctl.2  Thu Jul  9 17:12:22 2020        (r363050)
+++ head/lib/libc/sys/msgctl.2  Thu Jul  9 17:26:49 2020        (r363051)
@@ -31,7 +31,7 @@
 .\"
 .\" $FreeBSD$
 .\"/
-.Dd July 9, 2009
+.Dd July 9, 2020
 .Dt MSGCTL 2
 .Os
 .Sh NAME
@@ -63,8 +63,6 @@ and contains (amongst others) the following members:
 .Bd -literal
 struct msqid_ds {
        struct  ipc_perm msg_perm;      /* msg queue permission bits */
-       struct  msg *__msg_first;       /* kernel data, don't use */
-       struct  msg *__msg_last;        /* kernel data, don't use */
        msglen_t msg_cbytes;    /* number of bytes in use on the queue */
        msgqnum_t msg_qnum;     /* number of msgs in the queue */
        msglen_t msg_qbytes;    /* max # of bytes on the queue */
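Review bot: The two members are dropped from the documented listing, but the kernel hunk in sysv_msg.c still assigns `msqbuf->__msg_first` and `msqbuf->__msg_last`, so the fields remain in the real `struct msqid_ds` and the listing is no longer the complete layout. Consider adding a sentence after the `.Ed` block noting that the structure also contains reserved members that are private to the kernel and always zero when returned, so readers comparing against `<sys/msg.h>` or taking `sizeof` are not surprised.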

Modified: head/sys/kern/sysv_msg.c
==============================================================================
--- head/sys/kern/sysv_msg.c    Thu Jul  9 17:12:22 2020        (r363050)
+++ head/sys/kern/sysv_msg.c    Thu Jul  9 17:26:49 2020        (r363051)
@@ -613,6 +613,13 @@ kern_msgctl(struct thread *td, int msqid, int cmd, str
                *msqbuf = msqkptr->u;
                if (td->td_ucred->cr_prison != msqkptr->cred->cr_prison)
                        msqbuf->msg_perm.key = IPC_PRIVATE;
+
+               /*
+                * Try to hide the fact that the structure layout is shared by
+                * both the kernel and userland.  These pointers are not useful
+                * to userspace.
+                */
+               msqbuf->__msg_first = msqbuf->__msg_last = NULL;
                break;
 
        default:
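Review bot: The fix clears the two pointers by name after the whole-struct copy `*msqbuf = msqkptr->u;`, so it is correct for the IPC_STAT case shown, but it stays correct only as long as those are the only kernel-private members; any field added to the shared structure later would again be copied out unchanged. Suggest either a comment at the structure definition pointing at this site, or replacing the blanket copy with an explicit member-by-member copy of the user-visible fields so the whitelist is enforced by construction. Also worth confirming that every IPC_STAT copy-out path (including any compat wrappers) reaches this code through kern_msgctl(), since the clearing happens here rather than in the copyout caller.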
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head