Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-7]: src/sys/net Pull up following revision(s) (requested by maxv ...



details:   https://anonhg.NetBSD.org/src/rev/2103ede34c2a
branches:  netbsd-7
changeset: 800577:2103ede34c2a
user:      martin <martin%NetBSD.org@localhost>
date:      Wed Nov 28 16:30:06 2018 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #1657):

        sys/net/rtsock.c: revision 1.244 (adapted)

Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr.
[  944.607323] kleak: Possible leak in copyout: [len=176, leaked=2]
[  944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd>
[  944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd>
[  944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd>
[  944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd>
[  944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd>
[  944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd>
[  944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd>
[  944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd>
[  944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd>
[  944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>

diffstat:

 sys/net/rtsock.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (36 lines):

diff -r 6fc2268316d7 -r 2103ede34c2a sys/net/rtsock.c
--- a/sys/net/rtsock.c  Wed Nov 28 16:26:31 2018 +0000
+++ b/sys/net/rtsock.c  Wed Nov 28 16:30:06 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: rtsock.c,v 1.163 2014/08/09 05:33:01 rtr Exp $ */
+/*     $NetBSD: rtsock.c,v 1.163.2.1 2018/11/28 16:30:06 martin Exp $  */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.163 2014/08/09 05:33:01 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.163.2.1 2018/11/28 16:30:06 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -968,7 +968,7 @@
                        if (rw->w_tmemsize < len) {
                                if (rw->w_tmem)
                                        free(rw->w_tmem, M_RTABLE);
-                               rw->w_tmem = malloc(len, M_RTABLE, M_NOWAIT);
+                               rw->w_tmem = malloc(len, M_RTABLE, M_NOWAIT|M_ZERO);
                                if (rw->w_tmem)
                                        rw->w_tmemsize = len;
                                else
@@ -1398,7 +1398,7 @@
 again:
        /* we may return here if a later [re]alloc of the t_mem buffer fails */
        if (w.w_tmemneeded) {
-               w.w_tmem = malloc(w.w_tmemneeded, M_RTABLE, M_WAITOK);
+               w.w_tmem = malloc(w.w_tmemneeded, M_RTABLE, M_WAITOK|M_ZERO);
                w.w_tmemsize = w.w_tmemneeded;
                w.w_tmemneeded = 0;
        }



Home | Main Index | Thread Index | Old Index