sys/dev: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure.  If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.

I think the iwi(4), mcd(4), and ses(4) changes actually plug leaks;
the raidframe(4) change probably doesn't (but doesn't hurt).
riastradh 2021-09-09 23:26:36 +00:00
parent 0e225f3b02
commit 35947fb16c
4 changed files with 18 additions and 9 deletions


@ -1,4 +1,4 @@
/* $NetBSD: mcd.c,v 1.120 2020/02/24 12:20:29 rin Exp $ */
/* $NetBSD: mcd.c,v 1.121 2021/09/09 23:26:36 riastradh Exp $ */
/*
* Copyright (c) 1993, 1994, 1995 Charles M. Hannum. All rights reserved.
@ -56,7 +56,7 @@
/*static char COPYRIGHT[] = "mcd-driver (C)1993 by H.Veit & B.Moore";*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.120 2020/02/24 12:20:29 rin Exp $");
__KERNEL_RCSID(0, "$NetBSD: mcd.c,v 1.121 2021/09/09 23:26:36 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -1601,6 +1601,7 @@ mcd_read_subchannel(struct mcd_softc *sc, struct ioc_read_subchannel *ch,
if ((error = mcd_getqchan(sc, &q, ch->data_format)) != 0)
return error;
memset(info, 0, sizeof(*info));
info->header.audio_status = sc->audio_status;
info->what.media_catalog.data_format = ch->data_format;
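Review bot: The added `memset(info, 0, sizeof(*info));` has no comment saying why it is there, so a later cleanup could remove it as a dead store ahead of the field assignments. A one-line comment above it would pin the intent, for example `/* Zero padding and unset members: this struct is copied out to userland. */`. The copyout is not visible in this hunk, so that wording should be checked against the caller. The same applies to the memset calls added in if_iwi.c, rf_netbsdkintf.c and ses.c. The body of mcd_read_subchannel starts and ends outside the hunk.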


@ -1,4 +1,4 @@
/* $NetBSD: if_iwi.c,v 1.116 2021/06/16 00:21:18 riastradh Exp $ */
/* $NetBSD: if_iwi.c,v 1.117 2021/09/09 23:26:36 riastradh Exp $ */
/* $OpenBSD: if_iwi.c,v 1.111 2010/11/15 19:11:57 damien Exp $ */
/*-
@ -19,7 +19,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.116 2021/06/16 00:21:18 riastradh Exp $");
__KERNEL_RCSID(0, "$NetBSD: if_iwi.c,v 1.117 2021/09/09 23:26:36 riastradh Exp $");
/*-
* Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
@ -1870,8 +1870,9 @@ iwi_get_table0(struct iwi_softc *sc, uint32_t *tbl)
{
uint32_t size, buf[128];
memset(buf, 0, sizeof buf);
if (!(sc->flags & IWI_FLAG_FW_INITED)) {
memset(buf, 0, sizeof buf);
return copyout(buf, tbl, sizeof buf);
}
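Review bot: The memset inside the `!(sc->flags & IWI_FLAG_FW_INITED)` branch looks redundant now that `buf` is zeroed unconditionally right after its declaration. The hunk header's one-line growth suggests both calls remain on the new side. Dropping the inner call leaves the branch as just `return copyout(buf, tbl, sizeof buf);` and makes it obvious that a single memset covers every exit. The rest of iwi_get_table0 is outside the hunk, so whether the later path fills all 128 words cannot be confirmed here; the unconditional memset is what protects that path.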


@ -1,4 +1,4 @@
/* $NetBSD: rf_netbsdkintf.c,v 1.400 2021/08/28 16:00:52 oster Exp $ */
/* $NetBSD: rf_netbsdkintf.c,v 1.401 2021/09/09 23:26:37 riastradh Exp $ */
/*-
* Copyright (c) 1996, 1997, 1998, 2008-2011 The NetBSD Foundation, Inc.
@ -101,7 +101,7 @@
***********************************************************/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.400 2021/08/28 16:00:52 oster Exp $");
__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.401 2021/09/09 23:26:37 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_raid_autoconfig.h"
@ -3859,6 +3859,8 @@ void
rf_check_recon_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
{
memset(info, 0, sizeof(*info));
if (raidPtr->status != rf_rs_reconstructing) {
info->total = 100;
info->completed = 100;
@ -3874,6 +3876,8 @@ void
rf_check_parityrewrite_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
{
memset(info, 0, sizeof(*info));
if (raidPtr->parity_rewrite_in_progress == 1) {
info->total = raidPtr->Layout.numStripe;
info->completed = raidPtr->parity_rewrite_stripes_done;
@ -3889,6 +3893,8 @@ void
rf_check_copyback_status_ext(RF_Raid_t *raidPtr, RF_ProgressInfo_t *info)
{
memset(info, 0, sizeof(*info));
if (raidPtr->copyback_in_progress == 1) {
info->total = raidPtr->Layout.numStripe;
info->completed = raidPtr->copyback_stripes_done;


@ -1,4 +1,4 @@
/* $NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $ */
/* $NetBSD: ses.c,v 1.52 2021/09/09 23:26:37 riastradh Exp $ */
/*
* Copyright (C) 2000 National Aeronautics & Space Administration
* All rights reserved.
@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.51 2019/03/08 08:35:58 msaitoh Exp $");
__KERNEL_RCSID(0, "$NetBSD: ses.c,v 1.52 2021/09/09 23:26:37 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_scsi.h"
@ -415,6 +415,7 @@ sesioctl(dev_t dev, u_long cmd, void *arg_addr, int flag, struct lwp *l)
case SESIOC_GETOBJMAP:
if (addr == NULL)
return EINVAL;
memset(&obj, 0, sizeof(obj));
for (uobj = addr, i = 0; i != ssc->ses_nobjects; i++, uobj++) {
obj.obj_id = i;
obj.subencid = ssc->ses_objmap[i].subenclosure;
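Review bot: `memset(&obj, 0, sizeof(obj));` runs once before the loop while `obj` is refilled on every iteration, so after the first pass the padding is only as clean as the member stores leave it. C11 6.2.6.1p6 lets padding bytes take unspecified values when a member is stored. Compilers in practice leave them alone, but making the memset the first statement of the loop body removes that reliance at negligible cost. The loop body continues past the end of the hunk, so the copy to `uobj` is assumed rather than visible.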