From nobody Thu Dec 14 14:29:23 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SrZVW58dkz542Ts; Thu, 14 Dec 2023 14:29:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SrZVW40Wyz3J38; Thu, 14 Dec 2023 14:29:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1702564163; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FqyHi3xOPTf+tKeog0PVleVMUJ+9QLMTizGeYRrFAqk=; b=sXTIDlnwewvJ+hW0tmf40heEbwe2FvHDApuPzM6b408OGULO/JwcBDIpqUTPiPYQ0SdDTh 8HGApuTy0TSwJ7j32J86AWu4lEQ96Wb0WRRrXYGxrZJLbAzFqhYTEYn3G09g4V+VubGkU3 xnkUklKgYy4Y23hdrM2vDCblXnsiCw3mpPXTJJ7XOTy2kQowsZCFSWElkVDFGt+DM1MQVJ yIbWLyJMU8GkYiX728EJ7eMufNLkFWb6N7xN0cfUpWLqZvmi7UcdwEzFJB0lNfrYh34F61 B7rL1njIBDw51YjS8luC+TDxMceJFDcDC1O/cUQtkODgn/VvjHrpfLws8EOLXg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1702564163; a=rsa-sha256; cv=none; b=QVIMUa45eTWzwaXyrhEFZk4fRjJ+jpB+UhINQdcLCyqVjypjB8ibl5o/qGKt3HGUc8TJPx 95tcTNVc+uKBNmPL78eiMZ/p0ym+8qvTueND4WXKAhBTf0/JcyoqN1GIydyXIB+SJMFb7c mOhn0/mWwoqoCnkJ6Iy1G8yacWmDQA9webBybMWPA/hOt04bWt/qLvoNeWyPAPVrztwDPp keR0YcsnHZv4YDwhiqBxLWvgtz+CcqDIjrjK/5X+o175koVNkgeR87lvExV/PIBEfQqr+d UbGcFf5NweV3JA3XWXDRwrNAZUAoo+bGI3zW2ElabWzEBO7RLwRpGg2kAs1P+g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1702564163; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FqyHi3xOPTf+tKeog0PVleVMUJ+9QLMTizGeYRrFAqk=; b=dKxAM5qikiMgyzmP5f6JyRFg40a3kjheUb7xaLkdS0IknjZhVILZlhk2L2TA+b4BEYJweh FCbQmSTMB7qqAMq4UZ8MRcnFSMQfpipA+UVX4pBLkbDh68Rtp4SrilPQtRNjYcIwhzqYCp LNjiAqRkeN6kOGZR4JyQA1bcc9irtMsTUThv4yeLd0+G1nNza8tcDcj0/m83TYDGMm1Iki xRfLxiKGdQ+135AsfSRJgxbcBmURGAr/HR0BuSf0sIWSrWIxKrOfXsqqWBDUy0jJRIPWuP JnVklbKgNeajjys7+3BAcRkSFzXrfBie9ms9oOHwx99+59Z1XhNIzgSg4fEDcA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SrZVW33jpzVsw; Thu, 14 Dec 2023 14:29:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BEETN6k046927; Thu, 14 Dec 2023 14:29:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BEETN3a046925; Thu, 14 Dec 2023 14:29:23 GMT (envelope-from git) Date: Thu, 14 Dec 2023 14:29:23 GMT Message-Id: <202312141429.3BEETN3a046925@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: df81b1511854 - stable/14 - tty: Avoid a kernel memory discloure via kern.ttys List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: df81b15118542f0d2426490bd2605b7abd3c4d71 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=df81b15118542f0d2426490bd2605b7abd3c4d71 commit df81b15118542f0d2426490bd2605b7abd3c4d71 Author: Mark Johnston AuthorDate: 2023-12-11 14:19:09 +0000 Commit: Mark Johnston CommitDate: 2023-12-14 14:29:15 +0000 tty: Avoid a kernel memory discloure via kern.ttys Four pad bytes at the end of each xtty structure were not being cleared before being copied out. Fix this by clearing the whole structure before populating fields. MFC after: 3 days Reported by: KMSAN (cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3) --- sys/kern/tty.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 620233947410..e051c66ab0c9 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt) tty_assert_locked(tp); + memset(xt, 0, sizeof(*xt)); xt->xt_size = sizeof(struct xtty); xt->xt_insize = ttyinq_getsize(&tp->t_inq); xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);