Zero the ifr.ifr_name buffer in ifconf() in order to avoid

accidental disclosure of kernel memory to userland. Security: FreeBSD-SA-05:04.ifconf
svn path=/head/; revision=145095
2005-04-15 01:52:40 +00:00 · 2005-04-15 01:52:40 +00:00 · fbd24c5ed6 · 2020-12-20 02:59:44 +00:00
commit fbd24c5ed6
parent 27a2f39bcf
1 changed files with 6 additions and 0 deletions
--- a/sys/net/if.c
+++ b/sys/net/if.c
@ -1596,6 +1596,12 @@ ifconf(u_long cmd, caddr_t data)
 	TAILQ_FOREACH(ifp, &ifnet, if_link) {
 		int addrs;

+		/*
+		 * Zero the ifr_name buffer to make sure we don't
+		 * disclose the contents of the stack.
+		 */
+		memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name));
+
 		if (strlcpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name))
 		    >= sizeof(ifr.ifr_name))
 			return (ENAMETOOLONG);