Author: brooks
Date: Wed Apr 5 21:08:26 2017
New Revision: 316543
URL: https://svnweb.freebsd.org/changeset/base/316543
Log:
MFC r316497:
Correct a kernel stack leak in 32-bit compat when vfc_name is short.
Don't zero unused pointer members again.
Per discussion with secteam we are not issuing an advisory for this
issue as we have no current evidence it leaks exploitable information.
Reviewed by: rwatson, glebius, delphij
Sponsored by: DARPA, AFRL
Modified:
stable/10/sys/kern/vfs_subr.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/kern/vfs_subr.c
==============================================================================
--- stable/10/sys/kern/vfs_subr.c Wed Apr 5 20:11:05 2017
(r316542)
+++ stable/10/sys/kern/vfs_subr.c Wed Apr 5 21:08:26 2017
(r316543)
@@ -3357,12 +3357,11 @@ vfsconf2x32(struct sysctl_req *req, stru
{
struct xvfsconf32 xvfsp;
+ bzero(&xvfsp, sizeof(xvfsp));
strcpy(xvfsp.vfc_name, vfsp->vfc_name);
xvfsp.vfc_typenum = vfsp->vfc_typenum;
xvfsp.vfc_refcount = vfsp->vfc_refcount;
xvfsp.vfc_flags = vfsp->vfc_flags;
- xvfsp.vfc_vfsops = 0;
- xvfsp.vfc_next = 0;
return (SYSCTL_OUT(req, &xvfsp, sizeof(xvfsp)));
}
#endif
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"
