diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2005-05-06 02:50:35 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2005-05-06 02:50:35 +0000 |
commit | 9be140854826fbd914b4b3d0ed7ea18551025751 (patch) | |
tree | 1856a055f5491a190332f4496d0e945cb181513b | |
parent | 87c0973d9e410f3474229ede792adc39964aec99 (diff) | |
download | src-test2-9be140854826fbd914b4b3d0ed7ea18551025751.tar.gz src-test2-9be140854826fbd914b4b3d0ed7ea18551025751.zip |
Notes
-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/kern/subr_bus.c | 3 | ||||
-rw-r--r-- | sys/kern/vfs_subr.c | 3 | ||||
-rw-r--r-- | sys/net/if_mib.c | 1 | ||||
-rw-r--r-- | sys/netinet/ip_divert.c | 1 | ||||
-rw-r--r-- | sys/netinet/raw_ip.c | 1 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 1 |
8 files changed, 14 insertions, 1 deletions
@@ -8,6 +8,9 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. Important recent entries: 20040724 (default X changes). +20050506: p13 FreeBSD-SA-05:08.kmem + Correct several local kernel memory disclosure bugs. + 20050506: p12 FreeBSD-SA-05:07.ldt Correctly validate inputs to the i386_get_ldt syscall. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index c5712880d515..48594499e25c 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="5.3" -BRANCH="RELEASE-p12" +BRANCH="RELEASE-p13" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/kern/subr_bus.c b/sys/kern/subr_bus.c index 37a66480b92c..3710ede5e090 100644 --- a/sys/kern/subr_bus.c +++ b/sys/kern/subr_bus.c @@ -3719,6 +3719,7 @@ sysctl_devices(SYSCTL_HANDLER_ARGS) /* * Populate the return array. */ + bzero(&udev, sizeof(udev)); udev.dv_handle = (uintptr_t)dev; udev.dv_parent = (uintptr_t)dev->parent; if (dev->nameunit == NULL) @@ -3790,6 +3791,7 @@ sysctl_rman(SYSCTL_HANDLER_ARGS) * resource manager. */ if (res_idx == -1) { + bzero(&urm, sizeof(urm)); urm.rm_handle = (uintptr_t)rm; strlcpy(urm.rm_descr, rm->rm_descr, RM_TEXTLEN); urm.rm_start = rm->rm_start; @@ -3805,6 +3807,7 @@ sysctl_rman(SYSCTL_HANDLER_ARGS) */ TAILQ_FOREACH(res, &rm->rm_list, r_link) { if (res_idx-- == 0) { + bzero(&ures, sizeof(ures)); ures.r_handle = (uintptr_t)res; ures.r_parent = (uintptr_t)res->r_rm; ures.r_device = (uintptr_t)res->r_dev; diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index ad6d7490caa5..8f5c4c9afb42 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -2899,6 +2899,7 @@ sysctl_vfs_conflist(SYSCTL_HANDLER_ARGS) error = 0; TAILQ_FOREACH(vfsp, &vfsconf, vfc_list) { + bzero(&xvfsp, sizeof(xvfsp)); vfsconf2x(vfsp, &xvfsp); error = SYSCTL_OUT(req, &xvfsp, sizeof xvfsp); if (error) @@ -2943,6 +2944,7 @@ vfs_sysctl(SYSCTL_HANDLER_ARGS) break; if (vfsp == NULL) return (EOPNOTSUPP); + bzero(&xvfsp, sizeof(xvfsp)); vfsconf2x(vfsp, &xvfsp); return (SYSCTL_OUT(req, &xvfsp, sizeof(xvfsp))); } @@ -2962,6 +2964,7 @@ sysctl_ovfs_conf(SYSCTL_HANDLER_ARGS) struct ovfsconf ovfs; TAILQ_FOREACH(vfsp, &vfsconf, vfc_list) { + bzero(&ovfs, sizeof(ovfs)); ovfs.vfc_vfsops = vfsp->vfc_vfsops; /* XXX used as flag */ strcpy(ovfs.vfc_name, vfsp->vfc_name); ovfs.vfc_index = vfsp->vfc_typenum; diff --git a/sys/net/if_mib.c b/sys/net/if_mib.c index f104b77bfd2b..de6698eaaf09 100644 --- a/sys/net/if_mib.c +++ b/sys/net/if_mib.c @@ -90,6 +90,7 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XXX bad syntax! */ return ENOENT; case IFDATA_GENERAL: + bzero(&ifmd, sizeof(ifmd)); strlcpy(ifmd.ifmd_name, ifp->if_xname, sizeof(ifmd.ifmd_name)); #define COPY(fld) ifmd.ifmd_##fld = ifp->if_##fld diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 106aa56ed8a1..c15121354af6 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -598,6 +598,7 @@ div_pcblist(SYSCTL_HANDLER_ARGS) inp = inp_list[i]; if (inp->inp_gencnt <= gencnt) { struct xinpcb xi; + bzero(&xi, sizeof(xi)); xi.xi_len = sizeof xi; /* XXX should avoid extra copy */ bcopy(inp, &xi.xi_inp, sizeof *inp); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 49e5904209b5..3b32d3ec9911 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -846,6 +846,7 @@ rip_pcblist(SYSCTL_HANDLER_ARGS) inp = inp_list[i]; if (inp->inp_gencnt <= gencnt) { struct xinpcb xi; + bzero(&xi, sizeof(xi)); xi.xi_len = sizeof xi; /* XXX should avoid extra copy */ bcopy(inp, &xi.xi_inp, sizeof *inp); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index c3fd5166e620..4319c627ea91 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -642,6 +642,7 @@ udp_pcblist(SYSCTL_HANDLER_ARGS) inp = inp_list[i]; if (inp->inp_gencnt <= gencnt) { struct xinpcb xi; + bzero(&xi, sizeof(xi)); xi.xi_len = sizeof xi; /* XXX should avoid extra copy */ bcopy(inp, &xi.xi_inp, sizeof *inp); |