git: 89951a4a11ee - stable/13 - tty: Avoid a kernel memory discloure via kern.ttys
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 14 Dec 2023 14:29:37 UTC
The branch stable/13 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=89951a4a11ee79d13ad472fe003cdf00b4fbe18b
commit 89951a4a11ee79d13ad472fe003cdf00b4fbe18b
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-12-11 14:19:09 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-14 14:29:28 +0000
tty: Avoid a kernel memory discloure via kern.ttys
Four pad bytes at the end of each xtty structure were not being cleared
before being copied out. Fix this by clearing the whole structure
before populating fields.
MFC after: 3 days
Reported by: KMSAN
(cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3)
---
sys/kern/tty.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 00a5670d84cf..eaf69446afa2 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt)
tty_assert_locked(tp);
+ memset(xt, 0, sizeof(*xt));
xt->xt_size = sizeof(struct xtty);
xt->xt_insize = ttyinq_getsize(&tp->t_inq);
xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);