Source-Changes-HG archive
[src/trunk]: src/sys/compat Fix three stack info leaks, found by kMSan when j...
details: https://anonhg.NetBSD.org/src/rev/b1e4a549d621
branches: trunk
changeset: 968061:b1e4a549d621
user: maxv <maxv%NetBSD.org@localhost>
date: Wed Jan 01 14:52:38 2020 +0000
description:
Fix three stack info leaks, found by kMSan when just invoking all syscalls
with a zero page as argument.
MSan: Uninitialized Stack Memory In copyout() At Offset 0, Variable 'sb32' From compat_20_netbsd32_getfsstat()
MSan: Uninitialized Stack Memory In copyout() At Offset 12, Variable 'oss' From compat_43_sys_sigstack()
MSan: Uninitialized Stack Memory In copyout() At Offset 0, Variable 'sb' From compat_50_netbsd32___fhstat40()
diffstat:
sys/compat/common/kern_sig_43.c | 5 +++--
sys/compat/netbsd32/netbsd32_compat_20.c | 5 +++--
sys/compat/netbsd32/netbsd32_compat_50.c | 8 ++++----
3 files changed, 10 insertions(+), 8 deletions(-)
diffs (82 lines):
diff -r 5b8112797a67 -r b1e4a549d621 sys/compat/common/kern_sig_43.c
--- a/sys/compat/common/kern_sig_43.c Wed Jan 01 14:33:48 2020 +0000
+++ b/sys/compat/common/kern_sig_43.c Wed Jan 01 14:52:38 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_sig_43.c,v 1.35 2019/01/27 02:08:39 pgoyette Exp $ */
+/* $NetBSD: kern_sig_43.c,v 1.36 2020/01/01 14:52:38 maxv Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sig_43.c,v 1.35 2019/01/27 02:08:39 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig_43.c,v 1.36 2020/01/01 14:52:38 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -128,6 +128,7 @@
void
compat_43_sigaltstack_to_sigstack(const struct sigaltstack *sa, struct sigstack *ss)
{
+ memset(ss, 0, sizeof(*ss));
ss->ss_sp = sa->ss_sp;
if (sa->ss_flags & SS_ONSTACK)
ss->ss_onstack = 1;
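Review bot: The added `memset(ss, 0, sizeof(*ss));` carries no comment explaining why a struct whose visible members are assigned immediately afterwards still needs zeroing. The MSan report in the commit message places the leak at offset 12 of 'oss', which suggests compiler padding after `ss_onstack` rather than a forgotten member, so a later cleanup could plausibly drop the call as redundant. I would add `/* Clear padding too: callers copyout() this struct to userland. */` directly above the memset. The function body continues past the end of this hunk.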
diff -r 5b8112797a67 -r b1e4a549d621 sys/compat/netbsd32/netbsd32_compat_20.c
--- a/sys/compat/netbsd32/netbsd32_compat_20.c Wed Jan 01 14:33:48 2020 +0000
+++ b/sys/compat/netbsd32/netbsd32_compat_20.c Wed Jan 01 14:52:38 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_compat_20.c,v 1.38 2019/01/27 02:08:40 pgoyette Exp $ */
+/* $NetBSD: netbsd32_compat_20.c,v 1.39 2020/01/01 14:52:38 maxv Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_20.c,v 1.38 2019/01/27 02:08:40 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_20.c,v 1.39 2020/01/01 14:52:38 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -57,6 +57,7 @@
static inline void
compat_20_netbsd32_from_statvfs(struct statvfs *sbp, struct netbsd32_statfs *sb32p)
{
+ sb32p->f_type = 0; /* XXX Put an actual value? */
sb32p->f_flags = sbp->f_flag;
sb32p->f_bsize = (netbsd32_long)sbp->f_bsize;
sb32p->f_iosize = (netbsd32_long)sbp->f_iosize;
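Review bot: Setting only `sb32p->f_type = 0;` closes the single leak kMSan reported at offset 0, but it still relies on every other member and any padding of `struct netbsd32_statfs` being written by hand further down, which this hunk does not show. Zeroing the whole output first with `memset(sb32p, 0, sizeof(*sb32p));`, as the kern_sig_43.c hunk does, would also cover padding and members added later; the XXX remark about a real `f_type` value can stay as a comment. The same question applies to `sb32` in the netbsd32_compat_50.c hunk, where it is not visible whether `netbsd32_from___stat50()` fills every byte before the `copyout()`. Both function bodies extend beyond their hunks.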
diff -r 5b8112797a67 -r b1e4a549d621 sys/compat/netbsd32/netbsd32_compat_50.c
--- a/sys/compat/netbsd32/netbsd32_compat_50.c Wed Jan 01 14:33:48 2020 +0000
+++ b/sys/compat/netbsd32/netbsd32_compat_50.c Wed Jan 01 14:52:38 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_compat_50.c,v 1.43 2019/12/15 16:48:26 tsutsui Exp $ */
+/* $NetBSD: netbsd32_compat_50.c,v 1.44 2020/01/01 14:52:38 maxv Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_50.c,v 1.43 2019/12/15 16:48:26 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_50.c,v 1.44 2020/01/01 14:52:38 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -803,9 +803,9 @@
int error;
error = do_fhstat(l, SCARG_P32(uap, fhp), SCARG(uap, fh_size), &sb);
- if (error != 0) {
+ if (error == 0) {
netbsd32_from___stat50(&sb, &sb32);
- error = copyout(&sb32, SCARG_P32(uap, sb), sizeof(sb));
+ error = copyout(&sb32, SCARG_P32(uap, sb), sizeof(sb32));
}
return error;
}