svn commit: r353640 - head/sys/kern
Conrad Meyer
cem at freebsd.org
Tue Oct 22 18:05:08 UTC 2019
Theoretically the information should be here, but it's still locked:
https://admbugs.freebsd.org/show_bug.cgi?id=651 .
On Tue, Oct 22, 2019 at 8:51 AM Alan Somers <asomers at freebsd.org> wrote:
>
> On Wed, Oct 16, 2019 at 7:21 AM Andrew Turner <andrew at freebsd.org> wrote:
>>
>> Author: andrew
>> Date: Wed Oct 16 13:21:01 2019
>> New Revision: 353640
>> URL: https://svnweb.freebsd.org/changeset/base/353640
>>
>> Log:
>> Stop leaking information from the kernel through timespec
>>
>> The timespec struct holds a seconds value in a time_t and a nanoseconds
>> value in a long. On most architectures these are the same size, however
>> on 32-bit architectures other than i386 time_t is 8 bytes and long is
>> 4 bytes.
>>
>> Most ABIs will then pad a struct holding an 8 byte and 4 byte value to
>> 16 bytes with 4 bytes of padding. When copying one of these structs the
>> compiler is free to copy the padding if it wishes.
>>
>> In this case the padding may contain kernel data that is then leaked to
>> userspace. Fix this by copying the timespec elements rather than the
>> entire struct.
>>
>> This doesn't affect Tier-1 architectures so no SA is expected.
>>
>> admbugs: 651
>> MFC after: 1 week
>> Sponsored by: DARPA, AFRL
>
>
> Good catch. Might I ask how you found it, or who reported it?
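
The padding leak described in the commit log above, as an added example that is not part of the original thread or of the FreeBSD change. `struct ts64`, the 0xAA marker, the sample values and the zeroed destination are assumptions made for illustration; a `memcpy` of the whole object stands in for a struct copy in which the compiler carries the padding along.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct timespec on a 32-bit non-i386 ABI:
 * 8-byte seconds, 4-byte nanoseconds. _Alignas(8) forces the 8-byte
 * alignment those ABIs use, so the layout is the same on any host. */
struct ts64 {
    _Alignas(8) int64_t tv_sec;
    int32_t tv_nsec;
};                                  /* 12 bytes of data, sizeof == 16 */

#define SEC_OFF  offsetof(struct ts64, tv_sec)
#define NSEC_OFF offsetof(struct ts64, tv_nsec)
#define PAD_OFF  (NSEC_OFF + sizeof(int32_t))
#define STALE    0xAA               /* marks leftover "kernel" bytes */

/* Source object as it might sit on a kernel stack: members set,
 * padding still holding whatever was there before. */
static void make_source(unsigned char *src)
{
    int64_t sec = 1571750708;       /* constructed sample values */
    int32_t nsec = 500;
    memset(src, STALE, sizeof(struct ts64));
    memcpy(src + SEC_OFF, &sec, sizeof sec);
    memcpy(src + NSEC_OFF, &nsec, sizeof nsec);
}

/* Number of stale bytes that reached the padding of the output copy. */
size_t leaked_bytes(int member_wise)
{
    unsigned char src[sizeof(struct ts64)], out[sizeof(struct ts64)];
    size_t i, n = 0;
    make_source(src);
    if (member_wise) {              /* fixed: copy the elements only */
        memset(out, 0, sizeof out); /* assumed: destination is zeroed */
        memcpy(out + SEC_OFF, src + SEC_OFF, sizeof(int64_t));
        memcpy(out + NSEC_OFF, src + NSEC_OFF, sizeof(int32_t));
    } else {                        /* leaky: copy the entire struct */
        memcpy(out, src, sizeof out);
    }
    for (i = PAD_OFF; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("sizeof=%zu whole=%zu member-wise=%zu\n", sizeof(struct ts64),
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```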