Zero the ifr.ifr_name buffer in ifconf() in order to avoid
accidental disclosure of kernel memory to userland. Security: FreeBSD-SA-05:04.ifconf
parent
27a2f39bcf
commit
fbd24c5ed6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=145095
@ -1596,6 +1596,12 @@ ifconf(u_long cmd, caddr_t data)
|
||||
TAILQ_FOREACH(ifp, &ifnet, if_link) {
|
||||
int addrs;
|
||||
|
||||
/*
|
||||
* Zero the ifr_name buffer to make sure we don't
|
||||
* disclose the contents of the stack.
|
||||
*/
|
||||
memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name));
|
||||
|
||||
if (strlcpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name))
|
||||
>= sizeof(ifr.ifr_name))
|
||||
return (ENAMETOOLONG);
|
||||
|
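Review bot: The added `memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name));` clears only the name field, so any other bytes of `ifr` that reach userland (the address union, or padding) would still carry stack contents unless code outside this hunk initialises them on every path. The rest of the loop body, including the copy to userland, is not visible here, so this is a point to confirm rather than a demonstrated leak. Clearing the whole structure with `memset(&ifr, 0, sizeof(ifr));` would cover the name and everything else in one step. The comment could also record why the clear is needed despite the strlcpy() below it: `/* strlcpy() writes only up to the NUL; the tail of ifr_name would otherwise keep stale stack bytes. */`.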