From c2ee5917b0914026950465c0d4da515901da2989 Mon Sep 17 00:00:00 2001 From: philip Date: Wed, 5 Dec 2007 19:32:07 +0000 Subject: Plug two potential (root-only, local) information leaks. buf is not initialized before use and returned integrally instead of up to size. Submitted by: Ilja van Sprundel Reviewed by: secteam MFC after: 1 day --- sys/dev/iwi/if_iwi.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'sys/dev/iwi') diff --git a/sys/dev/iwi/if_iwi.c b/sys/dev/iwi/if_iwi.c index f4572d3..97dad68 100644 --- a/sys/dev/iwi/if_iwi.c +++ b/sys/dev/iwi/if_iwi.c @@ -3327,15 +3327,15 @@ iwi_sysctl_stats(SYSCTL_HANDLER_ARGS) struct iwi_softc *sc = arg1; uint32_t size, buf[128]; - if (!(sc->flags & IWI_FLAG_FW_INITED)) { - memset(buf, 0, sizeof buf); + memset(buf, 0, sizeof buf); + + if (!(sc->flags & IWI_FLAG_FW_INITED)) return SYSCTL_OUT(req, buf, sizeof buf); - } size = min(CSR_READ_4(sc, IWI_CSR_TABLE0_SIZE), 128 - 1); CSR_READ_REGION_4(sc, IWI_CSR_TABLE0_BASE, &buf[1], size); - return SYSCTL_OUT(req, buf, sizeof buf); + return SYSCTL_OUT(req, buf, size); } static int -- cgit v1.1