freebsd-skq/sys/dev/hptrr
Ed Maste 5d8501f487 hpt{nr,rr}: plug info leak in hpt_ioctl
The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27{nr,rr} device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

The same issue was reported in the hpt27xx driver by Ilja Van Sprundel.

Reviewed by:	jhb, kib
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2018-01-02 18:31:32 +00:00
..
amd64-elf.hptrr_lib.o.uu
array.h
him.h
himfuncs.h
hptintf.h
hptrr_config.c
hptrr_config.h
hptrr_os_bsd.c
hptrr_osm_bsd.c
i386-elf.hptrr_lib.o.uu
ldm.h
list.h
os_bsd.h
osm.h