diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2023-12-11 14:19:09 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2023-12-14 14:29:42 +0000 |
| commit | d76303c9d326f1543fbe64f98b8a875228020910 (patch) | |
| tree | 5613fee3a961ab4094b77031433daa6cb23aeecf | |
| parent | a9dcfac2fd6a26671b707d15727935ed24c681b5 (diff) | |
| download | src-d76303c9d326f1543fbe64f98b8a875228020910.tar.gz src-d76303c9d326f1543fbe64f98b8a875228020910.zip | |
tty: Avoid a kernel memory discloure via kern.ttys
Four pad bytes at the end of each xtty structure were not being cleared
before being copied out. Fix this by clearing the whole structure
before populating fields.
MFC after: 3 days
Reported by: KMSAN
(cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3)
| -rw-r--r-- | sys/kern/tty.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/kern/tty.c b/sys/kern/tty.c index f80ffd4921e6..c63a03183f1b 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1279,6 +1279,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt) tty_assert_locked(tp); + memset(xt, 0, sizeof(*xt)); xt->xt_size = sizeof(struct xtty); xt->xt_insize = ttyinq_getsize(&tp->t_inq); xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq); |