aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2018-09-27 18:36:30 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2018-09-27 18:36:30 +0000
commit3e9337c6b211e778829ed3af783cd41447a8721b (patch)
tree7595df280792a2420c93bf1a9cf03d259e1dd3ba
parent8c743a4ed41b46ec72e47b8d4e1364d56ceba9b3 (diff)
downloadsrc-releng/11.1.tar.gz
src-releng/11.1.zip
Fix small kernel memory disclosures. [EN-18:12.mem]releng/11.1
Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:12.mem Security: CVE-2018-17155
Notes
Notes: svn path=/releng/11.1/; revision=338981
-rw-r--r--sys/kern/kern_context.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/kern/kern_context.c b/sys/kern/kern_context.c
index 70751d02cba8..acd3ded2a20c 100644
--- a/sys/kern/kern_context.c
+++ b/sys/kern/kern_context.c
@@ -68,6 +68,7 @@ sys_getcontext(struct thread *td, struct getcontext_args *uap)
if (uap->ucp == NULL)
ret = EINVAL;
else {
+ bzero(&uc, sizeof(ucontext_t));
get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;
@@ -108,6 +109,7 @@ sys_swapcontext(struct thread *td, struct swapcontext_args *uap)
if (uap->oucp == NULL || uap->ucp == NULL)
ret = EINVAL;
else {
+ bzero(&uc, sizeof(ucontext_t));
get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
bzero(uc.__spare__, sizeof(uc.__spare__));
PROC_LOCK(td->td_proc);