svn commit: r343263 - head/sys/compat/linux
Ed Maste
emaste at FreeBSD.org
Mon Jan 21 17:12:17 UTC 2019
Author: emaste
Date: Mon Jan 21 17:12:16 2019
New Revision: 343263
URL: https://svnweb.freebsd.org/changeset/base/343263
Log:
linuxulator: fix stack memory disclosure in linux_sigaltstack
Most siginfo_to_lsiginfo callers already zeroed the l_siginfo_t before
callit it, but linux_waitid did not. Instead of zeroing in the called
function to address linux_waitid (as in commit 2e6ebe70), just do it in
linux_waitid.
admbugs: 765
Reported by: Vlad Tsyrklevich <vlad at tsyrklevich.net>
Reviewed by: Andrew
MFC after: 1 day
Security: Kernel stack memory disclosure
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/compat/linux/linux_misc.c
Modified: head/sys/compat/linux/linux_misc.c
==============================================================================
--- head/sys/compat/linux/linux_misc.c Mon Jan 21 16:25:40 2019 (r343262)
+++ head/sys/compat/linux/linux_misc.c Mon Jan 21 17:12:16 2019 (r343263)
@@ -1089,9 +1089,8 @@ linux_waitid(struct thread *td, struct linux_waitid_ar
}
if (args->info != NULL) {
p = td->td_proc;
- if (td->td_retval[0] == 0)
- bzero(&lsi, sizeof(lsi));
- else {
+ bzero(&lsi, sizeof(lsi));
+ if (td->td_retval[0] != 0) {
sig = bsd_to_linux_signal(siginfo.si_signo);
siginfo_to_lsiginfo(&siginfo, &lsi, sig);
}
More information about the svn-src-head
mailing list