Fix kernel memory disclosure in linux_ioctl_socket

strlcpy is used to copy a string into a buffer to be copied to userland, previously leaving uninitialized data after the terminating NUL. Zero the buffer first to avoid a kernel memory disclosure. admbugs: 765, 811 MFC after: 1 day Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> Reported by: Vlad Tsyrklevich Sponsored by: The FreeBSD Foundation
svn path=/head/; revision=332042
2018-04-04 19:58:25 +00:00 · 2018-04-04 19:58:25 +00:00 · 19406511e5 · 2020-12-20 02:59:44 +00:00
commit 19406511e5
parent 65436b2e12
1 changed files with 1 additions and 0 deletions
--- a/sys/compat/linux/linux_ioctl.c
+++ b/sys/compat/linux/linux_ioctl.c
@ -2478,6 +2478,7 @@ linux_ioctl_socket(struct thread *td, struct linux_ioctl_args *args)
 		printf("%s(): ioctl %d on %.*s\n", __func__,
 		    args->cmd & 0xffff, LINUX_IFNAMSIZ, lifname);
 #endif
+		memset(ifname, 0, sizeof(ifname));
 		ifp = ifname_linux_to_bsd(td, lifname, ifname);
 		if (ifp == NULL)
 			return (EINVAL);