authorColin Percival <cperciva@FreeBSD.org>2005-04-15 01:53:14 +0000
committerColin Percival <cperciva@FreeBSD.org>2005-04-15 01:53:14 +0000
commit0752f9e3ef68e0cb962ad00497e73a231961496b (patch)
treee2e1498ea9cf82b56bcd4d330201b315b1f5015f
parentcfba578f829c4e411a77bbfce2d7062c288ee881 (diff)
downloadsrc-test2-0752f9e3ef68e0cb962ad00497e73a231961496b.tar.gz
src-test2-0752f9e3ef68e0cb962ad00497e73a231961496b.zip
Zero the ifr.ifr_name buffer in ifconf() in order to avoid
accidental disclosure of kernel memory to userland.

Security: FreeBSD-SA-05:04.ifconf
Approved by: so (cperciva)
Notes
Notes: svn path=/releng/5.3/; revision=145096
-rw-r--r--UPDATING4
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/net/if.c6
3 files changed, 11 insertions, 1 deletions
diff --git a/UPDATING b/UPDATING
index 0f529adc8667..aa9edc496ebb 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,10 @@ Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running
portupgrade. Important recent entries: 20040724 (default X changes).
+20050414: p9 FreeBSD-SA-05:04.ifconf
+ Zero a buffer in ifconf() in order to avoid accidental
+ disclosure of kernel memory to userland.
+
20050406: p8 FreeBSD-SA-05:03.amd64
Correctly initialize the I/O permission bitmap on amd64.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 4962370e8209..80d848961446 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="5.3"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/net/if.c b/sys/net/if.c
index b93e81b113c6..f509b7f515fd 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1520,6 +1520,12 @@ again:
TAILQ_FOREACH(ifp, &ifnet, if_link) {
int addrs;
+ /*
+ * Zero the ifr_name buffer to make sure we don't
+ * disclose the contents of the stack.
+ */
+ memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name));
+
if (strlcpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name))
>= sizeof(ifr.ifr_name))
return (ENAMETOOLONG);
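Review bot: The added memset() clears only `ifr.ifr_name`, so any other bytes of the on-stack `ifr` (the address union that follows the name, plus any padding) are covered only if every later path fills them completely before the record is copied out. That code lies outside this hunk, so it cannot be confirmed from here. Clearing the whole record at the same spot, `memset(&ifr, 0, sizeof(ifr));`, would close the same class of leak without depending on the later assignments. The comment could also say why the clear is needed: strlcpy() NUL-terminates but does not pad, so bytes after the terminator would otherwise keep whatever the stack held. The enclosing ifconf() body starts before and continues after this hunk.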