Date: Thu, 14 Dec 2023 14:29:51 GMT
Message-Id: <202312141429.3BEETpRJ047271@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: d76303c9d326 - stable/12 - tty: Avoid a kernel memory disclosure via kern.ttys

The branch stable/12 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=d76303c9d326f1543fbe64f98b8a875228020910

commit d76303c9d326f1543fbe64f98b8a875228020910
Author:     Mark Johnston
AuthorDate: 2023-12-11 14:19:09 +0000
Commit:     Mark Johnston
CommitDate: 2023-12-14 14:29:42 +0000

    tty: Avoid a kernel memory disclosure via kern.ttys

    Four pad bytes at the end of each xtty structure were not being cleared
    before being copied out. Fix this by clearing the whole structure
    before populating fields.

    MFC after: 3 days
    Reported by: KMSAN

    (cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3)

--- sys/kern/tty.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index f80ffd4921e6..c63a03183f1b 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1279,6 +1279,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt) tty_assert_locked(tp); + memset(xt, 0, sizeof(*xt)); xt->xt_size = sizeof(struct xtty); xt->xt_insize = ttyinq_getsize(&tp->t_inq); xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);
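
Review bot: The new `memset(xt, 0, sizeof(*xt));` at the top of `tty_to_xtty()` has no comment saying why it is there. The lines after it assign fields one at a time, so a later cleanup could read the memset as redundant and drop it, bringing back the uninitialized pad bytes the commit message describes. A one-line comment above it, stating that the structure is copied out to userland and its padding must be zeroed, would protect it. Minor style point in the same hunk: the added line sizes the structure as `sizeof(*xt)` while the next line uses `sizeof(struct xtty)`; using one spelling for both keeps them from drifting apart if the parameter type ever changes.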