[Midnightbsd-cvs] [MidnightBSD/src] 8a5bb9: ipfilter: Plug ip_nat kernel information leak
Mateusz Piotrowski
noreply at github.com
Wed Dec 31 13:35:17 EST 2025
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 8a5bb900079e20540d2f17143caec79a8d910c60
https://github.com/MidnightBSD/src/commit/8a5bb900079e20540d2f17143caec79a8d910c60
Author: Cy Schubert <cy at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M sys/netpfil/ipfilter/netinet/ip_nat.c
Log Message:
-----------
ipfilter: Plug ip_nat kernel information leak
ipf_nat_getent() allocates a variable-sized nat_save_t buffer with
KMALLOCS() (which does not zero memory) and then copies only a subset
of fields into it before returning the object to userland using
ipf_outobjsz(). Because the structure is not fully initialized on all
paths, uninitialized kernel heap bytes can be copied back to user space,
resulting in an information leak.
We fix this by zeroing out the data structure immediately after
allocation.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: emaste
Differential revision: https://reviews.freebsd.org/D53274
(cherry picked from commit 6535e9308a26e17023831fe68fb71d2febf2a002)
Commit: dc07135a8f65d2419b756985bfebb44a064d0b60
https://github.com/MidnightBSD/src/commit/dc07135a8f65d2419b756985bfebb44a064d0b60
Author: Jose Luis Duran <jlduran at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M etc/mtree/BSD.include.dist
Log Message:
-----------
mtree: Remove stray wi directory
Reviewed by: imp, emaste
Fixes: a21def4d568f ("pccard: Remove wi(4) driver")
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D53264
(cherry picked from commit f942a7465469008f7538436a70f15a44cabecbb0)
Commit: faa6683d2094e10921b5f539deb3165e9df88c97
https://github.com/MidnightBSD/src/commit/faa6683d2094e10921b5f539deb3165e9df88c97
Author: Dag-Erling Smørgrav <des at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
Log Message:
-----------
w: Trim whitespace and commas from time and uptime
When producing formatted output, trim leading whitespace and trailing
commas from the human-readable time and uptime before emitting them.
The text output remains unchanged.
PR: 290089
Fixes: 6e6febb54da9 ("w: Fix idle time in json output, add login/idle times to json output")
Reviewed by: marius.h_lden.org
Differential Revision: https://reviews.freebsd.org/D53167
(cherry picked from commit 4d5789532a940144c869d66505e756ce816f8a50)
Commit: cfbb5e927efb9c58eb942049e8c83cedf2e38d39
https://github.com/MidnightBSD/src/commit/cfbb5e927efb9c58eb942049e8c83cedf2e38d39
Author: Dimitry Andric <dim at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M contrib/llvm-project/clang/lib/Driver/ToolChains/FreeBSD.h
Log Message:
-----------
Merge commit e24f90190c77 from llvm git (by Brad Smith):
[Driver] Enable outline atomics for FreeBSD/aarch64 (#156089)
The compiler_rt helper functions have been built since 12.4, 13.1, 14
and anything newer.
MFC after: 3 days
(cherry picked from commit 51e8e8b0f36933814b1be08913857727876aece5)
Commit: af2106e302453f99e5e854eb8bae2f1df16e6f4e
https://github.com/MidnightBSD/src/commit/af2106e302453f99e5e854eb8bae2f1df16e6f4e
Author: Mateusz Piotrowski <0mp at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M share/examples/mdoc/example.1
M share/examples/mdoc/example.3
M share/examples/mdoc/example.4
M share/examples/mdoc/example.9
Log Message:
-----------
examples/mdoc: Remove text of BSD-2-Clause from mdoc examples
We live in the SPDX world now and our example manual pages should
reflect that.
Also, fix the order of the SPDX and copyright lines as per style(9).
Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53335
(cherry picked from commit 83ac79599f6b94c57321ce3738fc28d1fa6a6c60)
Commit: f82ea57935d4ad5b27d00fffdfea7a39efb531fe
https://github.com/MidnightBSD/src/commit/f82ea57935d4ad5b27d00fffdfea7a39efb531fe
Author: Mateusz Piotrowski <0mp at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M share/man/man5/style.mdoc.5
Log Message:
-----------
style.mdoc.5: Point readers to style(9) regarding copyright headers
While here, fix the ordering of the elements in the copyright header per
style(9) and remove the text of the license as we already have the SPDX
tag here.
MFC after: 3 days
(cherry picked from commit 3cc7d67155dad57e0d10f02a584fda6c8f2ea0b2)
Commit: 4775ffc321fd32452c1082dec20bcf9d06bd2521
https://github.com/MidnightBSD/src/commit/4775ffc321fd32452c1082dec20bcf9d06bd2521
Author: Mark Johnston <markj at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M sys/net/altq/altq_cbq.c
M sys/net/altq/altq_fairq.c
M sys/net/altq/altq_priq.c
Log Message:
-----------
altq: Clear stats structures in get_class_stats()
These structures are copied out to userspace, and it's possible to leak
uninitialized stack bytes since these routines and their callers weren't
careful to clear them first. Add memsets to avoid this.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: kp, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53342
(cherry picked from commit ff08916e9ac689e6ce734de72325fc2bd9495a35)
Commit: 14092942527b4d22dcda797d75936e05c087525c
https://github.com/MidnightBSD/src/commit/14092942527b4d22dcda797d75936e05c087525c
Author: Mateusz Piotrowski <0mp at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M lib/libc/gen/getvfsbyname.3
M sbin/mount/mount.8
Log Message:
-----------
getvfsbyname.3 mount.8: Reference lsvfs(1)
MFC after: 3 days
Reviewed by: ziaee
Differential Revision: https://reviews.freebsd.org/D53411
(cherry picked from commit cb1315c15acf7d3fae66b2c5631e076776683f96)
Compare: https://github.com/MidnightBSD/src/compare/dc3359cc1488...14092942527b
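The leak pattern described in the ipfilter and altq commit messages above, shown as an added userland C example that is not code from FreeBSD, MidnightBSD or ipfilter. `struct export_rec`, `alloc_nozero()` and `export_record()` are hypothetical stand-ins for a nat_save_t-like record, a non-zeroing allocator such as KMALLOCS(), and the copy to userland; the 0xA5 fill is a constructed marker for stale heap contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define STALE 0xA5 /* constructed marker standing in for old heap contents */
/* Hypothetical variable-sized export record (a stand-in for nat_save_t). */
struct export_rec {
    uint8_t  kind;     /* compiler padding follows */
    uint32_t id;
    uint16_t data_len;
    uint8_t  data[];   /* tail sized by the caller */
};

/* Hypothetical non-zeroing allocator: returns memory holding old contents. */
static void *alloc_nozero(size_t n) {
    void *p = malloc(n);
    return p ? memset(p, STALE, n) : NULL;
}

/* Fill only some fields, then copy the WHOLE allocation out to `user`. */
static size_t export_record(int zero_first, const uint8_t *src, size_t used,
                            size_t cap, uint8_t *user, size_t user_len) {
    size_t total = sizeof(struct export_rec) + cap;
    if (used > cap || cap > UINT16_MAX || total > user_len) return 0;
    struct export_rec *r = alloc_nozero(total);
    if (r == NULL) return 0;
    if (zero_first) memset(r, 0, total); /* the fix: clear right after allocation */
    r->kind = 1; r->id = 42;
    r->data_len = (uint16_t)used;
    memcpy(r->data, src, used);          /* only `used` of `cap` tail bytes written */
    memcpy(user, r, total);              /* stands in for the copy to userland */
    free(r);
    return total;
}

/* Count stale bytes that reached the "userland" buffer. */
static size_t leaked_bytes(int zero_first) {
    static const uint8_t payload[4] = {1, 2, 3, 4};
    uint8_t user[64];
    size_t leaked = 0;
    size_t n = export_record(zero_first, payload, sizeof payload, 16, user, sizeof user);
    for (size_t i = 0; i < n; i++) leaked += (user[i] == STALE);
    return leaked;
}

int main(void) {
    printf("stale bytes copied out: %zu without zeroing, %zu with\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The stale bytes come from two places: the unwritten part of the variable-sized tail and the padding between fields, which is why assigning every named field is not enough and the whole allocation is cleared instead.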