Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes of stack 

disclosure. From Andy Nguyen, many thanks! This is the compat code part
pointed out by ozaki-r@
This commit is contained in:
christos 2019-04-18 17:45:12 +00:00
parent 1946a9c139
commit b52554b0d5
3 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/compat/common/uipc_syscalls_40.c
View File

@ -1,9 +1,9 @@
/* $NetBSD: uipc_syscalls_40.c,v 1.18 2019/03/01 11:06:56 pgoyette Exp $ */
/* $NetBSD: uipc_syscalls_40.c,v 1.19 2019/04/18 17:45:12 christos Exp $ */
/* written by Pavel Cahyna, 2006. Public domain. */
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.18 2019/03/01 11:06:56 pgoyette Exp $");
__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.19 2019/04/18 17:45:12 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@ -56,6 +56,7 @@ compat_ifconf(u_long cmd, void *data)
return ENOSYS;
}
memset(&ifr, 0, sizeof(ifr));
if (docopy) {
space = ifc->ifc_len;
ifrp = ifc->ifc_req;

5
sys/compat/linux/common/linux_socket.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: linux_socket.c,v 1.144 2019/02/04 04:37:50 mrg Exp $ */
/* $NetBSD: linux_socket.c,v 1.145 2019/04/18 17:45:12 christos Exp $ */
/*-
* Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.144 2019/02/04 04:37:50 mrg Exp $");
__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.145 2019/04/18 17:45:12 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -1136,6 +1136,7 @@ linux_getifconf(struct lwp *l, register_t *retval, void *data)
if (error)
return error;
memset(&ifr, 0, sizeof(ifr));
docopy = ifc.ifc_req != NULL;
if (docopy) {
space = ifc.ifc_len;

5
sys/compat/linux32/common/linux32_socket.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: linux32_socket.c,v 1.29 2018/05/10 01:32:24 ozaki-r Exp $ */
/* $NetBSD: linux32_socket.c,v 1.30 2019/04/18 17:45:12 christos Exp $ */
/*-
* Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved.
@ -33,7 +33,7 @@
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.29 2018/05/10 01:32:24 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.30 2019/04/18 17:45:12 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -431,6 +431,7 @@ linux32_getifconf(struct lwp *l, register_t *retval, void *data)
if (error)
return error;
memset(&ifr, 0, sizeof(ifr));
docopy = NETBSD32PTR64(ifc.ifc_req) != NULL;
if (docopy) {
space = ifc.ifc_len;