diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2005-04-15 01:53:14 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2005-04-15 01:53:14 +0000 |
commit | 0752f9e3ef68e0cb962ad00497e73a231961496b (patch) | |
tree | e2e1498ea9cf82b56bcd4d330201b315b1f5015f | |
parent | cfba578f829c4e411a77bbfce2d7062c288ee881 (diff) | |
download | src-test2-0752f9e3ef68e0cb962ad00497e73a231961496b.tar.gz src-test2-0752f9e3ef68e0cb962ad00497e73a231961496b.zip |
Zero the ifr.ifr_name buffer in ifconf() in order to avoid
accidental disclosure of kernel memory to userland.
Security: FreeBSD-SA-05:04.ifconf
Approved by: so (cperciva)
Notes
Notes:
svn path=/releng/5.3/; revision=145096
-rw-r--r-- | UPDATING | 4 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/net/if.c | 6 |
3 files changed, 11 insertions, 1 deletions
@@ -8,6 +8,10 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. Important recent entries: 20040724 (default X changes). +20050414: p9 FreeBSD-SA-05:04.ifconf + Zero a buffer in ifconf() in order to avoid accidental + disclosure of kernel memory to userland. + 20050406: p8 FreeBSD-SA-05:03.amd64 Correctly initialize the I/O permission bitmap on amd64. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 4962370e8209..80d848961446 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="5.3" -BRANCH="RELEASE-p8" +BRANCH="RELEASE-p9" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/net/if.c b/sys/net/if.c index b93e81b113c6..f509b7f515fd 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1520,6 +1520,12 @@ again: TAILQ_FOREACH(ifp, &ifnet, if_link) { int addrs; + /* + * Zero the ifr_name buffer to make sure we don't + * disclose the contents of the stack. + */ + memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name)); + if (strlcpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name)) >= sizeof(ifr.ifr_name)) return (ENAMETOOLONG); |