Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/ufs/ufs Zero out all the dirent padding not just one byt...
details: https://anonhg.NetBSD.org/src/rev/88138ef58766
branches: trunk
changeset: 456354:88138ef58766
user: christos <christos%NetBSD.org@localhost>
date: Sun May 05 01:48:53 2019 +0000
description:
Zero out all the dirent padding not just one byte, to avoid kernel memory
disclosure (from https://svnweb.freebsd.org/base?view=revision&revision=347066)
diffstat:
sys/ufs/ufs/dir.h | 7 +++++--
sys/ufs/ufs/ufs_lookup.c | 15 ++++++++++-----
2 files changed, 15 insertions(+), 7 deletions(-)
diffs (59 lines):
diff -r 178ca2f872b3 -r 88138ef58766 sys/ufs/ufs/dir.h
--- a/sys/ufs/ufs/dir.h Sun May 05 00:12:34 2019 +0000
+++ b/sys/ufs/ufs/dir.h Sun May 05 01:48:53 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dir.h,v 1.25 2015/09/01 06:16:03 dholland Exp $ */
+/* $NetBSD: dir.h,v 1.26 2019/05/05 01:48:53 christos Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -111,8 +111,11 @@
* without the d_name field, plus enough space for the name with a terminating
* null byte (dp->d_namlen+1), rounded up to a 4 byte boundary.
*/
+#define DIR_ROUNDUP 4
+#define UFS_NAMEROUNDUP(namlen) (((namlen) + DIR_ROUNDUP) & ~(DIR_ROUNDUP - 1))
+#define UFS_NAMEPAD(namlen) (DIR_ROUNDUP - ((namlen) & (DIR_ROUNDUP - 1)))
#define UFS_DIRECTSIZ(namlen) \
- ((sizeof(struct direct) - (FFS_MAXNAMLEN+1)) + (((namlen)+1 + 3) &~ 3))
+ ((sizeof(struct direct) - (FFS_MAXNAMLEN+1)) + UFS_NAMEROUNDUP(namlen))
#if (BYTE_ORDER == LITTLE_ENDIAN)
#define UFS_DIRSIZ(oldfmt, dp, needswap) \
diff -r 178ca2f872b3 -r 88138ef58766 sys/ufs/ufs/ufs_lookup.c
--- a/sys/ufs/ufs/ufs_lookup.c Sun May 05 00:12:34 2019 +0000
+++ b/sys/ufs/ufs/ufs_lookup.c Sun May 05 01:48:53 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ufs_lookup.c,v 1.148 2017/10/27 12:25:15 joerg Exp $ */
+/* $NetBSD: ufs_lookup.c,v 1.149 2019/05/05 01:48:53 christos Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.148 2017/10/27 12:25:15 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.149 2019/05/05 01:48:53 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_ffs.h"
@@ -793,10 +793,15 @@
ufs_makedirentry(struct inode *ip, struct componentname *cnp,
struct direct *newdirp)
{
+ size_t namelen = cnp->cn_namelen;
+
newdirp->d_ino = ip->i_number;
- newdirp->d_namlen = cnp->cn_namelen;
- memcpy(newdirp->d_name, cnp->cn_nameptr, (size_t)cnp->cn_namelen);
- newdirp->d_name[cnp->cn_namelen] = '\0';
+ newdirp->d_namlen = namelen;
+ memcpy(newdirp->d_name, cnp->cn_nameptr, namelen);
+
+ /* Zero out padding */
+ memset(&newdirp->d_name[namelen], 0, UFS_NAMEPAD(namelen));
+
if (FSFMT(ITOV(ip)))
newdirp->d_type = 0;
else
Home |
Main Index |
Thread Index |
Old Index