
kern: zero out stack buffer after copying out random bits
Closed, Public

Authored by kevans on Jul 15 2024, 3:56 PM.
Referenced Files
F93163664: D45978.diff

Details

Summary

The kern.arandom sysctl handler uses an intermediate buffer on the stack
to hold random data that it subsequently copies out to the sysctl
request. Err on the side of caution and zero out the stack buffer after
we're done with it to avoid a potential entropy leak later on.
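
The pattern the summary describes, as an added userland C example; it is not the FreeBSD handler or code from this revision. `struct request`, `copy_out`, `fill_bytes`, `wipe` and `serve_random` are hypothetical stand-ins, and the filler is a constructed pattern, not a real RNG.

```c
#include <errno.h>
#include <string.h>

/* Hypothetical userland stand-in for a sysctl request's output side. */
struct request {
	unsigned char *oldptr;	/* caller's destination buffer */
	size_t oldlen;		/* bytes the caller asked for */
};

/* Stand-in for the copy-out step; fails when there is no destination. */
static int copy_out(struct request *req, const void *src, size_t len)
{
	if (req->oldptr == NULL)
		return (EFAULT);
	memcpy(req->oldptr, src, len);
	return (0);
}

/* Constructed filler, NOT a real RNG: every byte it writes is non-zero. */
static void fill_bytes(unsigned char *buf, size_t len)
{
	for (size_t i = 0; i < len; i++)
		buf[i] = (unsigned char)(i | 0x80);
}

/* Stores go through a volatile pointer so they are not elided as dead. */
static void wipe(void *p, size_t len)
{
	volatile unsigned char *v = p;
	while (len-- > 0) *v++ = 0;
}

/* Fill scratch, copy out, then wipe on the success and error paths alike. */
static int serve_random(struct request *req, unsigned char *scratch, size_t cap)
{
	size_t len = req->oldlen < cap ? req->oldlen : cap;
	fill_bytes(scratch, len);
	int error = copy_out(req, scratch, len);
	wipe(scratch, len);	/* runs before any return */
	return (error);
}

/* Handler shape from the summary: the scratch buffer lives on the stack. */
static int handler(struct request *req)
{
	unsigned char buf[256];
	return (serve_random(req, buf, sizeof(buf)));
}
```

Saving the copy-out result and wiping before the single return is what keeps the error path from leaving the bytes behind.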

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 58650
Build 55538: arc lint + arc unit