Source-Changes-HG archive
[src/trunk]: src/sys/net Fix kernel info leak. There are 2 bytes of padding i...
details: https://anonhg.NetBSD.org/src/rev/0c8c36eb3340
branches: trunk
changeset: 994548:0c8c36eb3340
user: maxv <maxv%NetBSD.org@localhost>
date: Tue Nov 13 07:45:43 2018 +0000
description:
Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr.
[ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2]
[ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd>
[ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd>
[ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd>
[ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd>
[ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd>
[ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd>
[ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd>
[ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd>
[ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd>
[ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
diffstat:
sys/net/rtsock.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diffs (36 lines):
diff -r c085b64477ea -r 0c8c36eb3340 sys/net/rtsock.c
--- a/sys/net/rtsock.c Tue Nov 13 07:16:33 2018 +0000
+++ b/sys/net/rtsock.c Tue Nov 13 07:45:43 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rtsock.c,v 1.243 2018/09/07 06:08:16 maxv Exp $ */
+/* $NetBSD: rtsock.c,v 1.244 2018/11/13 07:45:43 maxv Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.243 2018/09/07 06:08:16 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.244 2018/11/13 07:45:43 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1294,7 +1294,7 @@
if (rw->w_tmemsize < len) {
if (rw->w_tmem)
kmem_free(rw->w_tmem, rw->w_tmemsize);
- rw->w_tmem = kmem_alloc(len, KM_SLEEP);
+ rw->w_tmem = kmem_zalloc(len, KM_SLEEP);
rw->w_tmemsize = len;
}
if (rw->w_tmem) {
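Review bot: In the `if (rw->w_tmemsize < len)` branch the buffer is zeroed only when it is (re)allocated; when the existing `rw->w_tmem` is already large enough it is reused as is, so the padding bytes of the next message hold whatever the previous message left at that offset rather than zeros. That is no longer uninitialized heap, but it makes the fix depend on the allocation path instead of on the code that builds the message. Consider clearing the region at the top of the `if (rw->w_tmem)` block, for example `memset(rw->w_tmem, 0, len)`, so every message handed to copyout starts from a known state.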
@@ -1863,7 +1863,7 @@
again:
/* we may return here if a later [re]alloc of the t_mem buffer fails */
if (w.w_tmemneeded) {
- w.w_tmem = kmem_alloc(w.w_tmemneeded, KM_SLEEP);
+ w.w_tmem = kmem_zalloc(w.w_tmemneeded, KM_SLEEP);
w.w_tmemsize = w.w_tmemneeded;
w.w_tmemneeded = 0;
}
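Review bot: The switch to `kmem_zalloc` at `w.w_tmem = ...` is what keeps the struct padding out of the copyout, but nothing at the call site says so, and the existing comment above it only covers the retry path. Add a short comment here, and at the matching allocation in the previous hunk, stating that this buffer is copied out to userland and must be zeroed because of the padding in struct if_msghdr, so a later cleanup does not turn it back into `kmem_alloc`.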