kern/158880: bpf_filter() can leak kernel stack contents
guy at alum.mit.edu
Thu Jul 14 00:50:09 UTC 2011
>Synopsis: bpf_filter() can leak kernel stack contents
>Arrival-Date: Thu Jul 14 00:50:08 UTC 2011
>Originator: Guy Harris
N/A (problem found by looking at OpenBSD's source repository)
That's Linux's BPF interpreter, but the same problem exists with the *BSD BPF interpreter:
A little more work, as BSD's BPF interpreter isn't supported on arbitrary sockets, just on BPF devices, but you could probably try to cook something interesting up.
Add a bzero() or memset(..., 0, ...) to zero out the mem array early in bpf_filter().
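As an added illustration (not part of the PR and not FreeBSD's bpf_filter.c): a user-space C model of the scratch-memory handling the report describes. It shows the filter program shape that loads a scratch word nothing has stored to and returns it as the filter result, and the memset() fix proposed above. Opcode encodings follow <net/bpf.h>; everything else (passing mem[] in as a parameter so stale stack contents can be modelled, the "stale" fill pattern, the two filter programs, and the first_uninit_mem_read() scan) is an assumption constructed for this example.

```c
/*
 * Added example, not FreeBSD's bpf_filter.c: a user-space model of the BSD
 * BPF interpreter's scratch memory, the filter program shape that reads a
 * scratch word nothing stored to, and the memset() fix the PR asks for.
 * Encodings follow <net/bpf.h>; only the opcodes used here are implemented.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BPF_MEMWORDS 16

/* Opcode classes and modes, encoded as in <net/bpf.h>. */
#define BPF_LD   0x00
#define BPF_ST   0x02
#define BPF_JMP  0x05
#define BPF_RET  0x06
#define BPF_IMM  0x00
#define BPF_MEM  0x60
#define BPF_K    0x00
#define BPF_A    0x10
#define BPF_CLASS(code) ((code) & 0x07)

struct bpf_insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define BPF_STMT(code, k) { (uint16_t)(code), 0, 0, (uint32_t)(k) }
#define NINSN(prog) (sizeof(prog) / sizeof((prog)[0]))

enum { LEAVE_SCRATCH = 0, ZERO_SCRATCH = 1 };

/*
 * In the kernel, mem[] is a local array of bpf_filter() and so lives on the
 * kernel stack; this model takes it as a parameter (an assumption) so the
 * "left over from an earlier call frame" state is reproducible.  Returns the
 * filter result (bytes to capture), or (uint32_t)-1 for an unsupported
 * opcode or an out-of-range scratch index.
 */
uint32_t model_bpf_filter(const struct bpf_insn *pc, uint32_t mem[BPF_MEMWORDS],
                          int zero_scratch)
{
    uint32_t A = 0;

    /* The fix the PR proposes: clear the scratch words before running the program. */
    if (zero_scratch)
        memset(mem, 0, BPF_MEMWORDS * sizeof(mem[0]));

    for (;; pc++) {
        if ((pc->code == BPF_ST || pc->code == (BPF_LD|BPF_MEM)) && pc->k >= BPF_MEMWORDS)
            return (uint32_t)-1;        /* index check; bpf_validate() does this in the kernel */
        switch (pc->code) {
        case BPF_RET|BPF_K:  return pc->k;
        case BPF_RET|BPF_A:  return A;
        case BPF_LD|BPF_IMM: A = pc->k; break;
        case BPF_LD|BPF_MEM: A = mem[pc->k]; break;  /* nothing checks mem[k] was stored first */
        case BPF_ST:         mem[pc->k] = A; break;
        default:             return (uint32_t)-1;
        }
    }
}

/* Runs a program over scratch memory pre-filled with a recognisable "stale" pattern. */
uint32_t run_with_stale_scratch(const struct bpf_insn *pc, int zero_scratch)
{
    uint32_t mem[BPF_MEMWORDS];

    for (unsigned i = 0; i < BPF_MEMWORDS; i++)
        mem[i] = 0xc0de0000u | i;       /* stands in for leftover kernel-stack data */
    return model_bpf_filter(pc, mem, zero_scratch);
}

/*
 * Straight-line scan for the leaking pattern: a load from a scratch word no
 * earlier ST wrote.  Returns the index of the first such load (or of an
 * out-of-range index), -1 if none, -2 if the program has a jump (not followed).
 */
int first_uninit_mem_read(const struct bpf_insn *pc, size_t len)
{
    uint32_t written = 0;               /* bit i set once mem[i] has been stored */

    for (size_t i = 0; i < len; i++) {
        uint16_t code = pc[i].code;

        if (BPF_CLASS(code) == BPF_JMP)
            return -2;
        if (code != BPF_ST && code != (BPF_LD|BPF_MEM))
            continue;
        if (pc[i].k >= BPF_MEMWORDS)
            return (int)i;
        if (code == BPF_ST)
            written |= 1u << pc[i].k;
        else if (!(written & (1u << pc[i].k)))
            return (int)i;
    }
    return -1;
}

/* Constructed programs. leak_prog returns a never-stored scratch word as its result. */
static const struct bpf_insn leak_prog[] = {
    BPF_STMT(BPF_LD|BPF_MEM, 3),
    BPF_STMT(BPF_RET|BPF_A, 0),
};
/* ok_prog stores to mem[3] before loading it back. */
static const struct bpf_insn ok_prog[] = {
    BPF_STMT(BPF_LD|BPF_IMM, 7),
    BPF_STMT(BPF_ST, 3),
    BPF_STMT(BPF_LD|BPF_IMM, 0),
    BPF_STMT(BPF_LD|BPF_MEM, 3),
    BPF_STMT(BPF_RET|BPF_A, 0),
};

int main(void)
{
    printf("leak_prog, scratch as found: 0x%08x\n", run_with_stale_scratch(leak_prog, LEAVE_SCRATCH));
    printf("leak_prog, scratch zeroed:   0x%08x\n", run_with_stale_scratch(leak_prog, ZERO_SCRATCH));
    printf("first uninitialised read: leak_prog=%d ok_prog=%d\n",
           first_uninit_mem_read(leak_prog, NINSN(leak_prog)), first_uninit_mem_read(ok_prog, NINSN(ok_prog)));
    return 0;
}
```

With the scratch words left as found, the two-instruction program hands back one stale 32-bit word as its result (in the kernel that value is the snapshot length for the packet, which is how it reaches userland); with the memset() in place the same program returns 0. The scan is only a straight-line heuristic and is not what the kernel's bpf_validate() does; it is here to make the offending program shape explicit.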