author | 2019-01-07 07:49:38 +0000 | |
---|---|---|
committer | 2019-01-07 07:49:38 +0000 | |
commit | 72c38212f93c28c2e7717e73e21012f34de0c308 (patch) | |
tree | 224f9decccf48aeaf8756971d93d4f93c9726568 | |
parent | Represent mdoc(7) .Pp (and .sp, and some SYNOPSIS and .Rs features) (diff) | |
It is possible to call m_zero with a read-only cluster. In that case just
return. Hopefully the other reference holder has the M_ZEROIZE flag set as
well. Triggered by syzkaller. OK deradt@ visa@
Reported-by: syzbot+c578107d70008715d41f@syzkaller.appspotmail.com
-rw-r--r-- | sys/kern/uipc_mbuf.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c
index 2601e292702..a06d4be8c26 100644
--- a/sys/kern/uipc_mbuf.c
+++ b/sys/kern/uipc_mbuf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_mbuf.c,v 1.262 2018/11/30 09:23:31 claudio Exp $ */
+/* $OpenBSD: uipc_mbuf.c,v 1.263 2019/01/07 07:49:38 claudio Exp $ */
 /* $NetBSD: uipc_mbuf.c,v 1.15.4.1 1996/06/13 17:11:44 cgd Exp $ */
 
 /*
@@ -1262,11 +1262,8 @@ m_devget(char *buf, int totlen, int off)
 void
 m_zero(struct mbuf *m)
 {
-#ifdef DIAGNOSTIC
- if (M_READONLY(m))
- panic("m_zero: M_READONLY");
-#endif /* DIAGNOSTIC */
-
+ if (M_READONLY(m)) /* can't m_zero a shared buffer */
+ return;
 explicit_bzero(M_DATABUF(m), M_SIZE(m));
 }
 |
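Review bot: The new early return in m_zero() skips the wipe silently, so when M_READONLY(m) is true the bytes that M_ZEROIZE was meant to scrub stay in the storage unless whoever releases the last reference also zeroizes it. The commit message only hopes that is the case, and the inline comment does not record the dependency. I would state the contract in a comment above the function, for example `/* Read-only storage is left unwiped; zeroization then relies on the last reference holder also having M_ZEROIZE set. */`. With the DIAGNOSTIC panic gone there is also no remaining signal that a wipe was skipped, so a debug-only counter or log at the return may be worth considering if such cases need to be audited. The comment says "shared buffer", but M_READONLY may presumably be true for other reasons than sharing, so the wording should be checked against the macro definition.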