[Midnightbsd-cvs] src [7617] fix a security vulnerability with linux emulation layer.
laffer1 at midnightbsd.org
Tue May 31 18:06:51 EDT 2016
Revision: 7617
http://svnweb.midnightbsd.org/src/?rev=7617
Author: laffer1
Date: 2016-05-31 18:06:51 -0400 (Tue, 31 May 2016)
Log Message:
-----------
fix a security vulnerability with linux emulation layer. the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland.
Modified Paths:
--------------
stable/0.7/sys/compat/linux/linux_ioctl.c
stable/0.7/sys/compat/linux/linux_misc.c
Property Changed:
----------------
stable/0.7/sys/compat/linux/linux_ioctl.c
Modified: stable/0.7/sys/compat/linux/linux_ioctl.c
===================================================================
--- stable/0.7/sys/compat/linux/linux_ioctl.c 2016-05-31 20:44:29 UTC (rev 7616)
+++ stable/0.7/sys/compat/linux/linux_ioctl.c 2016-05-31 22:06:51 UTC (rev 7617)
@@ -29,7 +29,7 @@
#include "opt_compat.h"
#include <sys/cdefs.h>
-__MBSDID("$MidnightBSD: src/sys/compat/linux/linux_ioctl.c,v 1.4 2013/01/08 00:27:47 laffer1 Exp $");
+__MBSDID("$MidnightBSD$");
#include <sys/param.h>
#include <sys/systm.h>
@@ -911,6 +911,8 @@
case LINUX_TIOCGSERIAL: {
struct linux_serial_struct lss;
+
+ bzero(&lss, sizeof(lss));
lss.type = LINUX_PORT_16550A;
lss.flags = 0;
lss.close_delay = 0;
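Review bot: the bzero(&lss, sizeof(lss)) added at the top of the LINUX_TIOCGSERIAL case carries no comment explaining why it is needed, and the assignments that follow it (lss.flags = 0; lss.close_delay = 0;) make it look redundant to a later reader. Suggest a one-line comment stating that the whole struct, including padding and any member not assigned below, has to be zeroed before it is copied out to userland, so the call does not get removed in a cleanup. With the bzero in place the explicit zero assignments can be dropped, or kept deliberately as documentation of the reported values.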
Property changes on: stable/0.7/sys/compat/linux/linux_ioctl.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.5
\ No newline at end of property
Modified: stable/0.7/sys/compat/linux/linux_misc.c
===================================================================
--- stable/0.7/sys/compat/linux/linux_misc.c 2016-05-31 20:44:29 UTC (rev 7616)
+++ stable/0.7/sys/compat/linux/linux_misc.c 2016-05-31 22:06:51 UTC (rev 7617)
@@ -124,6 +124,7 @@
int i, j;
struct timespec ts;
+ bzero(&sysinfo, sizeof(sysinfo));
getnanouptime(&ts);
if (ts.tv_nsec != 0)
ts.tv_sec++;
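Review bot: the bzero(&sysinfo, sizeof(sysinfo)) added before getnanouptime(&ts) is not mentioned in the log message, which names only the TIOCGSERIAL ioctl in linux_ioctl.c. Suggest the message also describe the sysinfo change in linux_misc.c, so that anyone merging or auditing this revision can match it to both fixes. The declaration of sysinfo lies outside the hunk context, so please confirm it is a local struct and that sizeof(sysinfo) therefore covers the whole object that is later copied out.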