git: df81b1511854 - stable/14 - tty: Avoid a kernel memory discloure via kern.ttys

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 14 Dec 2023 14:29:23 UTC
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=df81b15118542f0d2426490bd2605b7abd3c4d71

commit df81b15118542f0d2426490bd2605b7abd3c4d71
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-12-11 14:19:09 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-14 14:29:15 +0000

    tty: Avoid a kernel memory discloure via kern.ttys
    
    Four pad bytes at the end of each xtty structure were not being cleared
    before being copied out.  Fix this by clearing the whole structure
    before populating fields.
    
    MFC after:      3 days
    Reported by:    KMSAN
    
    (cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3)
---
 sys/kern/tty.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 620233947410..e051c66ab0c9 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt)
 
 	tty_assert_locked(tp);
 
+	memset(xt, 0, sizeof(*xt));
 	xt->xt_size = sizeof(struct xtty);
 	xt->xt_insize = ttyinq_getsize(&tp->t_inq);
 	xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);