diff options
| author | brooks <brooks@FreeBSD.org> | 2017-04-05 21:08:26 +0000 |
|---|---|---|
| committer | brooks <brooks@FreeBSD.org> | 2017-04-05 21:08:26 +0000 |
| commit | b0da260ac2e82e2e506ddbe6d2a04de7b0c20ef8 (patch) | |
| tree | 37482a70b738c71635fc1cb24bf3d231c9fa7c47 /sys/kern | |
| parent | 3888225986e12e272372f98199de1c528f50aded (diff) | |
| download | FreeBSD-src-b0da260ac2e82e2e506ddbe6d2a04de7b0c20ef8.zip FreeBSD-src-b0da260ac2e82e2e506ddbe6d2a04de7b0c20ef8.tar.gz | |
MFC r316497:
Correct a kernel stack leak in 32-bit compat when vfc_name is short.
Don't zero unused pointer members again.
Per discussion with secteam we are not issuing an advisory for this
issue as we have no current evidence it leaks exploitable information.
Reviewed by: rwatson, glebius, delphij
Sponsored by: DARPA, AFRL
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/vfs_subr.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 5c48b81..42156e0 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3357,12 +3357,11 @@ vfsconf2x32(struct sysctl_req *req, struct vfsconf *vfsp) { struct xvfsconf32 xvfsp; + bzero(&xvfsp, sizeof(xvfsp)); strcpy(xvfsp.vfc_name, vfsp->vfc_name); xvfsp.vfc_typenum = vfsp->vfc_typenum; xvfsp.vfc_refcount = vfsp->vfc_refcount; xvfsp.vfc_flags = vfsp->vfc_flags; - xvfsp.vfc_vfsops = 0; - xvfsp.vfc_next = 0; return (SYSCTL_OUT(req, &xvfsp, sizeof(xvfsp))); } #endif |
