From nobody Thu Dec 14 14:29:37 2023 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SrZVn3N97z542f9; Thu, 14 Dec 2023 14:29:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SrZVn2pmbz3JJX; Thu, 14 Dec 2023 14:29:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1702564177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JqzxwYQH2LaGW+UGZluR8rb9zWGxvKm7Qt9J5zTFXcs=; b=Wt/Ru/k+sxODx39UI4UF3z84E8kEDVEwWVji5PDH768N5+fxy2YS4FzVFBWZA+7XX6f25R EU7iDI2FdzOY++nqSJqFvH7BBhRJJ7yPgEHQ65YJWEMGFJUKcZ06f9ubM5RRbMvFS8EUYU 08PcRfY0YdxGQPPC51gfxhTgDYoFRc0znH91T2n7/JrDZ65fKG1qRI0TK8pXpw7oCL3RwX WlfJNNEdP+0rU/sg3JcclYJfu4TdTHEDZQy/WQRtEJA1OrA3GlHd7Bqjj+Icf/Bms29jSb OS/vjGxTWNydZVqDlsNTjNFMIqDPexFtyowSa3gHlkHSbK/pNRJrso+4Fm0T5Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1702564177; a=rsa-sha256; cv=none; b=sfKBTAnaotNdBPDlHXsl7tSvJzEx2LcrzQYjaIkKLrNSy711m8uOpAE+SSUPpihZqFav4o CCKItHIgBQNlNOyygcpz8ySLc7TAFFj2GX+U03sR3JH5NpZXZXseQtGGcjhVxVvxGMb1RM gxesn/5bomQymZISOtt9VbmCHG+QXNnn/Y9UbHbhTgN/t2Vgtm5RX2YHSsSQpI3JNxnjwz LcdeEmtA64PUSouZf6bEseBE0DZ9rD63GX+WTCVrvsx0pvcT6vtmkUTMHvGI2Vz32DZ5yg Eyo3GBEx53A2KyZY0woXYd8eGz/a4Aiv8oergRiFbTFoQ8QNv6r+P4t39g3Phg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1702564177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JqzxwYQH2LaGW+UGZluR8rb9zWGxvKm7Qt9J5zTFXcs=; b=xSgjvopDBr8HGSTPBCJ6fgPuCAJI5PySv+V4H2E6jEy+LA6wJH2oF/5q5P7Sh3BVazQoPq etJuoV1DA5hG41ubCPG69r735td108xpbl/80mjJkuhekazLwV1VVmWhAtd6ybki8TLUz5 QTLGSDfcb+ZiCAWnnsXC/xGdIQi7EwTDk0ebv8vVAU9JcfhRNNA2ESZTtgHwuzMwqNLcom sEsG6G8WXT8g77jO8+cuixTSbbKzgKEjR0Nf6dyVsAiaP20e3WOWAaizzEN/AajjkUrqvE 45Sx1Fe1bG3iVjs8IwZ73KR40j49ytgcVwfOiItFlcv7mUkQPLlyddbh8V7Veg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SrZVn1sqHzWhW; Thu, 14 Dec 2023 14:29:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BEETb3t047093; Thu, 14 Dec 2023 14:29:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BEETb6e047090; Thu, 14 Dec 2023 14:29:37 GMT (envelope-from git) Date: Thu, 14 Dec 2023 14:29:37 GMT Message-Id: <202312141429.3BEETb6e047090@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 89951a4a11ee - stable/13 - tty: Avoid a kernel memory discloure via kern.ttys List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 89951a4a11ee79d13ad472fe003cdf00b4fbe18b Auto-Submitted: auto-generated The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=89951a4a11ee79d13ad472fe003cdf00b4fbe18b commit 89951a4a11ee79d13ad472fe003cdf00b4fbe18b Author: Mark Johnston AuthorDate: 2023-12-11 14:19:09 +0000 Commit: Mark Johnston CommitDate: 2023-12-14 14:29:28 +0000 tty: Avoid a kernel memory discloure via kern.ttys Four pad bytes at the end of each xtty structure were not being cleared before being copied out. Fix this by clearing the whole structure before populating fields. MFC after: 3 days Reported by: KMSAN (cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3) --- sys/kern/tty.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 00a5670d84cf..eaf69446afa2 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt) tty_assert_locked(tp); + memset(xt, 0, sizeof(*xt)); xt->xt_size = sizeof(struct xtty); xt->xt_insize = ttyinq_getsize(&tp->t_inq); xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);