git: df81b1511854 - stable/14 - tty: Avoid a kernel memory discloure via kern.ttys
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 14 Dec 2023 14:29:23 UTC
The branch stable/14 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=df81b15118542f0d2426490bd2605b7abd3c4d71
commit df81b15118542f0d2426490bd2605b7abd3c4d71
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-12-11 14:19:09 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-14 14:29:15 +0000
tty: Avoid a kernel memory discloure via kern.ttys
Four pad bytes at the end of each xtty structure were not being cleared
before being copied out. Fix this by clearing the whole structure
before populating fields.
MFC after: 3 days
Reported by: KMSAN
(cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3)
---
sys/kern/tty.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 620233947410..e051c66ab0c9 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt)
tty_assert_locked(tp);
+ memset(xt, 0, sizeof(*xt));
xt->xt_size = sizeof(struct xtty);
xt->xt_insize = ttyinq_getsize(&tp->t_inq);
xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);