Source-Changes-HG archive
[src/trunk]: src/sys/kern sockaddr_alloc(9): Avoid uninitialized buffer in so...
details: https://anonhg.NetBSD.org/src/rev/b6b1506b8ad2
branches: trunk
changeset: 374083:b6b1506b8ad2
user: riastradh <riastradh%NetBSD.org@localhost>
date: Thu Mar 30 15:58:21 2023 +0000
description:
sockaddr_alloc(9): Avoid uninitialized buffer in sockaddr_checklen.
Manifests only under DIAGNOSTIC because the DIAGNOSTIC check itself
uses an uninitialized buffer.
Reported-by: syzbot+54b120643dfd6edc2318%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=afb5b6e5da6e806aeb7fddcf1d03c3262f6fc765
diffstat:
sys/kern/uipc_domain.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
diffs (34 lines):
diff -r 9c2609380d31 -r b6b1506b8ad2 sys/kern/uipc_domain.c
--- a/sys/kern/uipc_domain.c Thu Mar 30 15:58:10 2023 +0000
+++ b/sys/kern/uipc_domain.c Thu Mar 30 15:58:21 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_domain.c,v 1.108 2020/11/06 14:50:13 christos Exp $ */
+/* $NetBSD: uipc_domain.c,v 1.109 2023/03/30 15:58:21 riastradh Exp $ */
/*
* Copyright (c) 1982, 1986, 1993
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.108 2020/11/06 14:50:13 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.109 2023/03/30 15:58:21 riastradh Exp $");
#include <sys/param.h>
#include <sys/socket.h>
@@ -324,6 +324,15 @@ sockaddr_alloc(sa_family_t af, socklen_t
struct sockaddr *sa;
socklen_t reallen = MAX(socklen, offsetof(struct sockaddr, sa_data[0]));
+#ifdef DIAGNOSTIC
+ /*
+ * sockaddr_checklen passes sa to sockaddr_format which
+ * requires it to be fully initialized.
+ *
+ * XXX This should be factored better.
+ */
+ flags |= M_ZERO;
+#endif
if ((sa = malloc(reallen, M_SOCKADDR, flags)) == NULL)
return NULL;
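Review bot: In the `#ifdef DIAGNOSTIC` block ahead of the `malloc` call, `flags |= M_ZERO` zeroes the allocation only in DIAGNOSTIC kernels, so the two build configurations now hand callers memory in different states and non-DIAGNOSTIC builds still return a buffer with uninitialized bytes. That can hide a caller that reads a field it never set, because the kernel built for checking is the one that sees zeros. Consider setting M_ZERO unconditionally, or changing the DIAGNOSTIC path so it does not pass a not-yet-initialized sa to sockaddr_format. The XXX comment would also be more useful if it said what refactoring is intended.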