[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:01.fsdisclosure
Gordon Tetlow
gordon at tetlows.org
Sun Jan 31 17:35:46 UTC 2021
> On Jan 31, 2021, at 7:25 AM, Andrea Venturoli <ml at netfence.it> wrote:
>
> On 1/31/21 12:29 PM, Miroslav Lachman wrote:
>
>>> Several file systems were not properly initializing the d_off field of
>>> the dirent structures returned by VOP_READDIR. In particular, tmpfs(5),
>>> smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result,
>>> eight uninitialized kernel stack bytes may be leaked to userspace by
>>> these file systems. This problem is not present in FreeBSD 11.
>> There is a "Corrected in:" stable/11, 11.4-STABLE and releng/11.4, 11.4-RELEASE-p7, but later there is a statement "This problem is not present in FreeBSD 11".
>> What is true? Is it fixed in a newer patchlevel of FreeBSD 11.4, or was it not present in 11.x at all?
>
> My understanding is that the problem described in that paragraph does not affect 11.x, but the next one does (and is "Corrected...").
>
> I.e. 11.x is affected by:
>
>> Additionally, msdosfs(5) was failing to zero-fill a pair of padding
>> fields in the dirent structure, resulting in a leak of three
>> uninitialized bytes.
>
>
> Is that right?
This is correct. If you look at the patch cited for 11.x, it only has a fix applied to msdosfs(5).
Best regards,
Gordon
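
The two leaks described in the advisory text quoted in this thread, modelled in user space as an added example (not part of the original messages or of the FreeBSD patch): filling a directory entry field by field over stale memory leaves the skipped `d_off` or padding bytes intact, while zeroing the structure first leaves none. The `model_dirent` layout, the `STALE` marker and all function names are assumptions chosen so the byte counts match the advisory's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified, assumed layout (not copied from the FreeBSD source):
 * an 8-byte d_off and a pair of padding fields totalling 3 bytes. */
struct model_dirent {
    uint64_t d_fileno;
    int64_t  d_off;
    uint16_t d_reclen;
    uint8_t  d_type;
    uint8_t  d_pad0;
    uint16_t d_namlen;
    uint16_t d_pad1;
    char     d_name[256];
};

#define STALE 0xAA /* constructed marker standing in for old kernel stack data */

enum fill_mode { SKIP_D_OFF, SKIP_PADDING, ZERO_FIRST };

/* Fill one entry over "dirty" memory and return how many header bytes still
 * hold stale data, i.e. what a copy of the entry to userspace would disclose. */
size_t stale_header_bytes(enum fill_mode mode)
{
    struct model_dirent de;
    const unsigned char *p = (const unsigned char *)&de;
    size_t i, n = 0;

    memset(&de, STALE, sizeof(de));      /* simulate leftover stack contents */
    if (mode == ZERO_FIRST)
        memset(&de, 0, sizeof(de));      /* hardened: clear the whole entry first */
    de.d_fileno = 2;
    de.d_reclen = (uint16_t)sizeof(de);
    de.d_type = 4;
    de.d_namlen = 1;
    memcpy(de.d_name, "a", 2);
    if (mode != SKIP_D_OFF)
        de.d_off = 1;                    /* the field the first bug class never set */
    if (mode == SKIP_D_OFF) {            /* padding handled, d_off forgotten */
        de.d_pad0 = 0;
        de.d_pad1 = 0;
    }
    for (i = 0; i < offsetof(struct model_dirent, d_name); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("skip d_off: %zu, skip padding: %zu, zero first: %zu\n",
           stale_header_bytes(SKIP_D_OFF), stale_header_bytes(SKIP_PADDING),
           stale_header_bytes(ZERO_FIRST));
    return 0;
}
```

Only the fixed header is counted here; the unused tail of `d_name` is outside what this model checks.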