authorkib <kib@FreeBSD.org>2011-02-05 15:10:27 +0000
committerkib <kib@FreeBSD.org>2011-02-05 15:10:27 +0000
commit7bb770f50569c30360fa8ab90ee3a62664f26a17 (patch)
treee9d326ccc72870724643bb78427f2751a20d4328 /sys/kern/kern_context.c
parentff6aee65ced361bd15132be42d4fc4424670f651 (diff)
Clear the padding when returning context to the usermode, for
MI ucontext_t and x86 MD parts. Kernel allocates the structures on the stack, and not clearing reserved fields and paddings causes leakage. Noted and discussed with: bde MFC after: 2 weeks
Diffstat (limited to 'sys/kern/kern_context.c')
-rw-r--r--sys/kern/kern_context.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/kern/kern_context.c b/sys/kern/kern_context.c
index 4424eff..9230857 100644
--- a/sys/kern/kern_context.c
+++ b/sys/kern/kern_context.c
@@ -72,6 +72,7 @@ getcontext(struct thread *td, struct getcontext_args *uap)
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;
PROC_UNLOCK(td->td_proc);
+ bzero(uc.__spare__, sizeof(uc.__spare__));
ret = copyout(&uc, uap->ucp, UC_COPY_SIZE);
}
return (ret);
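Review bot: Zeroing only `uc.__spare__` leaves any other byte of the stack-allocated `uc` that nothing writes (compiler padding between members, or a member the fill code skips) holding old kernel stack contents when `copyout(&uc, uap->ucp, UC_COPY_SIZE)` runs. Clearing the whole structure once before it is filled covers those bytes as well and keeps working if fields are added later: `bzero(&uc, sizeof(uc));` placed ahead of the code that populates `uc`, which is above this hunk. It is also worth confirming that `__spare__` lies within the first `UC_COPY_SIZE` bytes; the macro is defined outside the hunk, and if it stops short of that field this bzero does not change what reaches userspace. The same points apply to the bzero added in swapcontext() in the next hunk.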
@@ -108,6 +109,7 @@ swapcontext(struct thread *td, struct swapcontext_args *uap)
ret = EINVAL;
else {
get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
+ bzero(uc.__spare__, sizeof(uc.__spare__));
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;
PROC_UNLOCK(td->td_proc);
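Review bot: The added `bzero` has no comment explaining that it exists to keep stale kernel stack bytes out of the structure returned to userspace, so a later cleanup could drop it as a redundant store. A one-line comment above it would record the intent: `/* Do not leak stale kernel stack contents through the reserved fields. */`. The call also sits before `PROC_LOCK` here but after `PROC_UNLOCK` in getcontext(); using the same position in both functions would make the pair easier to audit together. swapcontext() continues past the end of this hunk, so the copyout that consumes `uc` is not visible here.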