d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent kernel stack disclosure in getcontext/swapcontext

Browse Source 
Expand r338982 to cover freebsd32 interfaces on amd64, mips, and powerpc.

MFC after:	2 days
Security:	FreeBSD-EN-18:12.mem
Security:	CVE-2018-17155
Sponsored by:	Dell EMC Isilon
This commit is contained in:
Eric van Gyzen 2018-11-26 20:50:55 +00:00
parent ec60b7f929
commit f5e7d8bdb5
3 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/amd64/ia32/ia32_signal.c
View File

@ -261,6 +261,7 @@ freebsd32_getcontext(struct thread *td, struct freebsd32_getcontext_args *uap)
if (uap->ucp == NULL)
ret = EINVAL;
else {
bzero(&uc, sizeof(uc));
ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;
@ -301,6 +302,7 @@ freebsd32_swapcontext(struct thread *td, struct freebsd32_swapcontext_args *uap)
if (uap->oucp == NULL || uap->ucp == NULL)
ret = EINVAL;
else {
bzero(&uc, sizeof(uc));
ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;

2
sys/mips/mips/freebsd32_machdep.c
View File

@ -294,6 +294,7 @@ freebsd32_getcontext(struct thread *td, struct freebsd32_getcontext_args *uap)
if (uap->ucp == NULL)
ret = EINVAL;
else {
bzero(&uc, sizeof(uc));
get_mcontext32(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;
@ -333,6 +334,7 @@ freebsd32_swapcontext(struct thread *td, struct freebsd32_swapcontext_args *uap)
if (uap->oucp == NULL || uap->ucp == NULL)
ret = EINVAL;
else {
bzero(&uc, sizeof(uc));
get_mcontext32(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;

2
sys/powerpc/powerpc/exec_machdep.c
View File

@ -785,6 +785,7 @@ freebsd32_getcontext(struct thread *td, struct freebsd32_getcontext_args *uap)
if (uap->ucp == NULL)
ret = EINVAL;
else {
bzero(&uc, sizeof(uc));
get_mcontext32(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;
@ -824,6 +825,7 @@ freebsd32_swapcontext(struct thread *td, struct freebsd32_swapcontext_args *uap)
if (uap->oucp == NULL || uap->ucp == NULL)
ret = EINVAL;
else {
bzero(&uc, sizeof(uc));
get_mcontext32(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
PROC_LOCK(td->td_proc);
uc.uc_sigmask = td->td_sigmask;