From e6cea1ca6d69473ac07595a1f45684735bbf8e9b Mon Sep 17 00:00:00 2001 From: emaste Date: Wed, 24 Jul 2019 16:51:14 +0000 Subject: [PATCH] pf: zero output buffer in pfioctl Avoid potential structure padding leak. Reported by: Vlad Tsyrklevich Reviewed by: kp MFC after: 3 days Security: Potential kernel memory disclosure Sponsored by: The FreeBSD Foundation --- sys/netpfil/pf/pf_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 1395d9d69f17..cfd583325cd9 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2169,7 +2169,7 @@ relock_DIOCKILLSTATES: break; } - p = pstore = malloc(ps->ps_len, M_TEMP, M_WAITOK); + p = pstore = malloc(ps->ps_len, M_TEMP, M_WAITOK | M_ZERO); nr = 0; for (i = 0; i <= pf_hashmask; i++) {