diff options
| author | Gordon Tetlow <gordon@FreeBSD.org> | 2018-09-27 18:36:30 +0000 |
|---|---|---|
| committer | Gordon Tetlow <gordon@FreeBSD.org> | 2018-09-27 18:36:30 +0000 |
| commit | 3e9337c6b211e778829ed3af783cd41447a8721b (patch) | |
| tree | 7595df280792a2420c93bf1a9cf03d259e1dd3ba | |
| parent | 8c743a4ed41b46ec72e47b8d4e1364d56ceba9b3 (diff) | |
Fix small kernel memory disclosures. [EN-18:12.mem]releng/11.1
Reported by: Thomas Barabosch, Fraunhofer FKIE
Approved by: so
Security: FreeBSD-EN-18:12.mem
Security: CVE-2018-17155
Notes
Notes:
svn path=/releng/11.1/; revision=338981
| -rw-r--r-- | sys/kern/kern_context.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/kern/kern_context.c b/sys/kern/kern_context.c index 70751d02cba8..acd3ded2a20c 100644 --- a/sys/kern/kern_context.c +++ b/sys/kern/kern_context.c @@ -68,6 +68,7 @@ sys_getcontext(struct thread *td, struct getcontext_args *uap) if (uap->ucp == NULL) ret = EINVAL; else { + bzero(&uc, sizeof(ucontext_t)); get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET); PROC_LOCK(td->td_proc); uc.uc_sigmask = td->td_sigmask; @@ -108,6 +109,7 @@ sys_swapcontext(struct thread *td, struct swapcontext_args *uap) if (uap->oucp == NULL || uap->ucp == NULL) ret = EINVAL; else { + bzero(&uc, sizeof(ucontext_t)); get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET); bzero(uc.__spare__, sizeof(uc.__spare__)); PROC_LOCK(td->td_proc); |