Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Pull up following revision(s) (requested by maxv in ticket #1330): 

sys/kern/uipc_socket2.c: revision 1.134

Fix info leaks: the alignment of the structures causes uninitialized heap
memory to be copied to userland in sys_recvmsg().
This commit is contained in:
martin 2019-08-07 08:21:55 +00:00
parent 0b5c9b0d03
commit 94e42a475c
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/kern/uipc_socket2.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: uipc_socket2.c,v 1.124.8.3 2018/07/31 17:01:20 martin Exp $ */
/* $NetBSD: uipc_socket2.c,v 1.124.8.4 2019/08/07 08:21:55 martin Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@ -58,7 +58,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: uipc_socket2.c,v 1.124.8.3 2018/07/31 17:01:20 martin Exp $");
__KERNEL_RCSID(0, "$NetBSD: uipc_socket2.c,v 1.124.8.4 2019/08/07 08:21:55 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_ddb.h"
@ -1419,6 +1419,10 @@ sbcreatecontrol1(void **p, int size, int type, int level, int flags)
cp->cmsg_len = CMSG_LEN(size);
cp->cmsg_level = level;
cp->cmsg_type = type;
memset(cp + 1, 0, CMSG_LEN(0) - sizeof(*cp));
memset((uint8_t *)*p + size, 0, CMSG_ALIGN(size) - size);
return m;
}