From 06302de20de84d17c22fb8a541b42dabef4c8173 Mon Sep 17 00:00:00 2001
From: Jung-uk Kim
Date: Thu, 28 Aug 2008 16:40:51 +0000
Subject: [PATCH] Initialize scratch memory for JIT-compiled filter when it is allocated. Previously it may have contained unnecessary (even sensitive) data from the previous allocation. As a (good) side effect, scratch memory may be used to store the previous filter state(s) safely because it is allocated and freed with filter itself. However, use it carefully because bpf_filter(9) does not have this behavior. MFC after: 3 days
---
 sys/net/bpf_jitter.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/net/bpf_jitter.c b/sys/net/bpf_jitter.c
index d15bc93b69b3..cb644f4d95ea 100644
--- a/sys/net/bpf_jitter.c
+++ b/sys/net/bpf_jitter.c
@@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
 #include
 #else
 #include
+#include
 #include
 #endif
@@ -67,7 +68,7 @@ bpf_jitter(struct bpf_insn *fp, int nins)
 /* Allocate the filter structure */
 filter = (struct bpf_jit_filter *)malloc(sizeof(*filter),
- M_BPFJIT, M_NOWAIT);
+ M_BPFJIT, M_NOWAIT | M_ZERO);
 if (filter == NULL)
 return (NULL);
@@ -104,6 +105,7 @@ bpf_jitter(struct bpf_insn *fp, int nins)
 filter = (struct bpf_jit_filter *)malloc(sizeof(*filter));
 if (filter == NULL)
 return (NULL);
+ memset(filter, 0, sizeof(*filter));
 /* No filter means accept all */
 if (fp == NULL || nins == 0) {
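Review bot: The `M_NOWAIT | M_ZERO` flag in the kernel allocation hunk (@@ -67,7 +68,7 @@) carries a confidentiality guarantee that nothing in the code records, so a later cleanup could drop it as a redundant initialisation. I would extend the existing comment to `/* Allocate the filter structure; M_ZERO so scratch memory never exposes stale heap contents to the filter program */`. The zeroing happens once, at allocation, so scratch values written during one run of a filter are still there on the next run; the commit message says this, and by its own account bpf_filter(9) behaves differently, so the comment should state that callers must not rely on it. bpf_jitter's body continues outside the hunk.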
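Review bot: In the userland hunk (@@ -104,6 +105,7 @@) the `malloc` followed by `memset(filter, 0, sizeof(*filter));` can be a single zeroing allocation, `filter = calloc(1, sizeof(*filter));`, with the existing NULL check left as it is. That keeps allocation and initialisation in one statement, so a future edit cannot slip code that reads the structure in between the two. It would presumably also make the header added in the first hunk unnecessary, though the include names are not visible on this page. bpf_jitter's body continues outside the hunk.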