kern___realpathat(): fix uninitialized memory read
ClosedPublic
Actions

Authored by kib on Nov 25 2024, 6:58 PM.

Details

Reviewers

Commits

rGbde575b273ee: kern___realpathat(): honor uio_seg argument
rG67218bcea847: kern___realpathat(): do not copyout past end of string
rG31784ee1e37d: kern___realpathat(): style

Summary

kern___realpathat(): style

kern___realpathat(): do not copyout past end of string    
Reported and tested by:    pho

kern___realpathat(): honor uio_seg argument

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kib created this revision.Nov 25 2024, 6:58 PM

Herald added subscribers: olce, imp. · View Herald TranscriptNov 25 2024, 6:58 PM

Just realized that this is a kernel memory exposure.

kib retitled this revision from kern___readlink(): fix uninitialized memory read to kern___realpathat(): fix uninitialized memory read.Nov 25 2024, 7:01 PM

In D47739#1088673, @kib wrote:

Just realized that this is a kernel memory exposure.

Yes :(

It looks like the problem can happen "only" when a nullfs file mount is present?

This revision is now accepted and ready to land.Nov 25 2024, 7:29 PM

In D47739#1088711, @markj wrote:

In D47739#1088673, @kib wrote:

Just realized that this is a kernel memory exposure.

Yes :(

It looks like the problem can happen "only" when a nullfs file mount is present?