From 2e5f9189bb92b6f77ed7ac4608a058e69e2b5bee Mon Sep 17 00:00:00 2001
From: Ed Maste
Date: Thu, 31 Oct 2019 20:42:36 +0000
Subject: [PATCH] avoid kernel stack data leak in core dump thrmisc note

bzero the entire thrmisc struct, not just the padding. Other core dump notes are already done this way.

Reported by: Ilja Van Sprundel
Reviewed by: markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
---
 sys/kern/imgact_elf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 7154bad03bdd..804fbbb1b89d 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -2229,7 +2229,7 @@ __elfN(note_thrmisc)(void *arg, struct sbuf *sb, size_t *sizep)
 td = (struct thread *)arg;
 if (sb != NULL) {
 KASSERT(*sizep == sizeof(thrmisc), ("invalid size"));
- bzero(&thrmisc._pad, sizeof(thrmisc._pad));
+ bzero(&thrmisc, sizeof(thrmisc));
 strcpy(thrmisc.pr_tname, td->td_name);
 sbuf_bcat(sb, &thrmisc, sizeof(thrmisc));
 }
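Review bot: The `strcpy` into `thrmisc.pr_tname` on the line after the new `bzero` still has no bound, so the copy is only safe if `pr_tname` is at least as large as `td->td_name`; neither declaration is visible in this hunk, and the function starts and ends outside it. A bounded copy such as `strlcpy(thrmisc.pr_tname, td->td_name, sizeof(thrmisc.pr_tname));` would keep the copy inside `pr_tname` if those sizes ever diverge. The `bzero` also deserves a short comment, e.g. `/* Zero the whole struct: it is written verbatim to the core file, so name bytes past the NUL and any padding must not carry stale stack data. */`, so that the call is not narrowed back to `_pad` in a later cleanup.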