From nobody Sat Nov 15 15:05:32 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d7y4D3dVwz6GRT9; Sat, 15 Nov 2025 15:05:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4d7y4D33jjz3HBw; Sat, 15 Nov 2025 15:05:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1763219132; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4jnSokCDJKk6h43BWiJ8rPXpZRj7sfE5uz+fp17U3Ts=; b=nR0rd4+hU4CBAiNm2oEwV9QBMpU7sO2h3oselcWa8RmnT2j+/sra1jPwT4dI7kucQKFRHb mUtEX/kHJSd6Oto3ZhnIllF/rn0u75owonl2fubvGdcfTRS8EsibWjZY5qrClQF7u2ubdM 09V8J+A1/S9WM4XA5XTsLWopzCZGu3j55b/krO3d3B4ADJ+/o6lgA770ZyLfSHulpLehfX 68JB3YReAvVBhqe6gChCdl+KzpPYfXgxTbTozA16P+E3UfdeqCdyX4FeYcifeLO27q4kHG ZSUvHXQn6E9HZ8KQIM0prkDEfjG0bbRmP1vSMWrY8PLXaonIzDxonhIp+7K0TQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1763219132; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4jnSokCDJKk6h43BWiJ8rPXpZRj7sfE5uz+fp17U3Ts=; b=e++PIBdfGrbwQG9Zo7wZctcSVkOz1+696h/uy1eNNLwIpmkz4O+lbqYZG1sSW812MP2XhU 2NuwIJnxWZroM+vQb96kpY8407A1pjg1wO2Fx+AusQvfmWC246bv/YHRjPuJtU5fVNyTQV ZFKHYI1aKhXu8YoPChWGRisj+ZO+wMjq9/q8dncnYISCxNcPNoXI5syNTXK1EPgLMcWgJf U+PFCrL1XJPlCqqTv+yPHvX3sQKSPMe57HdfRMrDWYwsYsWLVSFTaZb6xG3aEa0erVt03J IDQyxx0POZgQY5HVRecHn8jQguzNCQmcIMX5Syv8Xs3ZWxGzHg+arHn0ryLjDg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1763219132; a=rsa-sha256; cv=none; b=ujByh1QzFsDKVaRvzX8o5CwibsuFAvhZbdVT3d6WOodNoeSFDFE1CPgxz6bNXu5R7g3JDE 9ZhRoUfelEJR/M8D6Y2inTolPeDlWevqy5/0YPPWHucAqSQFpcLd+xTpKvobstrdVzuMI+ Ewd9Q4fGudgQV3R5GfNbRNhk9rzcfFLz2zAxDk0+C0C75wTmsVLunW6XBZ7NQv3EuShDJ0 BL9GKKcWJGqeGown/UGgdsnG7lTpMXznS+cRZY2wBtxQEHO7ASw2RwlQFarY29QO45fwQX sI1aWgdReObVAzeUbHUWOI05jqHWHKSyN4Qk3QsJ2jI1cOEaZ5pML/NdNHda6Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d7y4D2Y2NzxtF; Sat, 15 Nov 2025 15:05:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5AFF5Wh1021718; Sat, 15 Nov 2025 15:05:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5AFF5WDX021715; Sat, 15 Nov 2025 15:05:32 GMT (envelope-from git) Date: Sat, 15 Nov 2025 15:05:32 GMT Message-Id: <202511151505.5AFF5WDX021715@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: b0447186a624 - releng/15.0 - setcred(): Fix 32-bit compatibility copy-in List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: b0447186a6240db80cba1210da049a0a0ee24508 Auto-Submitted: auto-generated The branch releng/15.0 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=b0447186a6240db80cba1210da049a0a0ee24508 commit b0447186a6240db80cba1210da049a0a0ee24508 Author: Olivier Certner AuthorDate: 2025-11-14 20:20:12 +0000 Commit: Colin Percival CommitDate: 2025-11-15 15:05:11 +0000 setcred(): Fix 32-bit compatibility copy-in For 32-bit processes on 64-bit architectures, a difference of 'int' pointers was wrongly used as a number of bytes to copy in a memcpy() used to internally construct a 64-bit 'struct setcred' from the 32-bit variant, leading to copying only part of the 32-bit structure, and thus to requesting credentials with garbage IDs except for the real and effective user IDs. This bug was spotted by jhb@, who produced a slightly more invasive fix in D53757 (a switch to using CP() on all fields). In the interest of minimizing the diff for possible inclusion in 15.0, the commit here just limits itself to fixing the number of bytes to copy. Tested successfully on a VM with 32-bit mdo(1) (and in passing also tested that the same executable on a kernel without this change exhibits the bug in practice, in the form of setcred() failing with EINVAL). Reported by: jhb Reviewed by: jhb Fixes: ddb3eb4efe55 ("New setcred() system call and associated MAC hooks") MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53767 (cherry picked from commit 4872b48b175cc637ee38f645d68b8207d9335474) For the insta-MFC to stable/15: Approved by: re (cperciva) (cherry picked from commit 190e6d67953c3fb2064823d27998c54defff1925) --- sys/kern/kern_prot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 3c145851b683..0b7dc2169335 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -603,8 +603,8 @@ user_setcred(struct thread *td, const u_int flags, if (error != 0) return (error); /* These fields have exactly the same sizes and positions. */ - memcpy(&wcred, &wcred32, &wcred32.setcred32_copy_end - - &wcred32.setcred32_copy_start); + memcpy(&wcred, &wcred32, __rangeof(struct setcred32, + setcred32_copy_start, setcred32_copy_end)); /* Remaining fields are pointers and need PTRIN*(). */ PTRIN_CP(wcred32, wcred, sc_supp_groups); PTRIN_CP(wcred32, wcred, sc_label);