diff options
| author |   guenther <guenther@openbsd.org> | 2015-05-03 02:02:15 +0000 |
|---|---|---|
| committer | guenther <guenther@openbsd.org> | 2015-05-03 02:02:15 +0000 |
| commit | 64462c817dba3fa9ce6a40d86982615cad24f821 (patch) | |
| tree | cac6f655ec4b9f5a8ff984b1a4c7dcbef5d54018 | |
| parent | Eliminate the -U flag and make usage of DUID in /etc/dumpdates the default. (diff) | |
| download | wireguard-openbsd-64462c817dba3fa9ce6a40d86982615cad24f821.tar.xz wireguard-openbsd-64462c817dba3fa9ce6a40d86982615cad24f821.zip | |
Make sure we don't leak bytes from malloced memory in the padding of struct
dirent. (The memset in previous commit was both wrong and insufficient.)
problem with memset noted by brad@ and jsg@
ok millert@
| -rw-r--r-- | sys/nfs/nfs_vnops.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/nfs/nfs_vnops.c b/sys/nfs/nfs_vnops.c index 839624970d8..9f563810f97 100644 --- a/sys/nfs/nfs_vnops.c +++ b/sys/nfs/nfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_vnops.c,v 1.163 2015/04/17 04:43:21 guenther Exp $ */ +/* $OpenBSD: nfs_vnops.c,v 1.164 2015/05/03 02:02:15 guenther Exp $ */ /* $NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $ */ /* @@ -1991,7 +1991,8 @@ nfs_readdir(void *v) cnt = 5; - data = malloc(NFS_DIRBLKSIZ, M_TEMP, M_WAITOK); + /* M_ZERO to avoid leaking kernel data in dirent padding */ + data = malloc(NFS_DIRBLKSIZ, M_TEMP, M_WAITOK|M_ZERO); do { struct nfs_dirent *ndp = data; @@ -2174,7 +2175,6 @@ nfs_readdirrpc(struct vnode *vp, struct uio *uiop, struct ucred *cred, ndp = (struct nfs_dirent *) uiop->uio_iov->iov_base; dp = &ndp->dirent; - memset(dp, 0, sizeof(dp)); dp->d_fileno = fileno; dp->d_namlen = len; dp->d_reclen = tlen; |