
nanosleep: plug a kernel memory disclosure

Description

nanosleep: plug a kernel memory disclosure

nanosleep() updates rmtp on EINVAL. In that case, kern_nanosleep()
has not updated rmt, so sys_nanosleep() updates the user-space rmtp
by copying garbage from its stack frame. This is not only a kernel
memory disclosure, it's also not POSIX-compliant. Fix it to update
rmtp only on EINTR.

Reviewed by: jilles (via D10020), dchagin
MFC after: 3 days
Security: possibly
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D10044
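A regression check for the behaviour the commit message describes, as an added example that is not part of the commit or the FreeBSD tree: it calls nanosleep() with an invalid tv_nsec and verifies that the rmtp buffer, pre-filled with a sentinel byte, comes back unchanged. The function names, the sentinel value and the two invalid inputs are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SENTINEL 0xA5   /* constructed fill byte, easy to spot if overwritten */

/*
 * Returns  1 if nanosleep() failed with EINVAL and left *rmtp untouched,
 *          0 if it failed with EINVAL but wrote to *rmtp (the behaviour
 *            the commit removes),
 *         -1 if the call did not fail with EINVAL at all.
 */
int rmtp_untouched_on_einval(long bad_nsec)
{
    struct timespec rqt = { .tv_sec = 0, .tv_nsec = bad_nsec };
    struct timespec rmt;
    unsigned char expect[sizeof rmt];

    /* Fill the whole object, padding included, with a known pattern. */
    memset(&rmt, SENTINEL, sizeof rmt);
    memset(expect, SENTINEL, sizeof expect);

    errno = 0;
    if (nanosleep(&rqt, &rmt) != -1 || errno != EINVAL)
        return -1;

    /* Any byte that changed was copied out by the kernel on the error path. */
    return memcmp(&rmt, expect, sizeof rmt) == 0;
}

int main(void)
{
    /* Constructed invalid requests: tv_nsec below 0 and at 1e9. */
    const long bad[] = { -1L, 1000000000L };
    int failures = 0;

    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++) {
        int r = rmtp_untouched_on_einval(bad[i]);
        printf("tv_nsec=%ld: %s\n", bad[i],
            r == 1 ? "rmtp untouched" :
            r == 0 ? "rmtp WRITTEN on EINVAL" : "no EINVAL returned");
        failures += (r != 1);
    }
    return failures ? 1 : 0;
}
```

A result of 0 from `rmtp_untouched_on_einval()` means the kernel wrote to rmtp on the EINVAL path; the bytes it wrote are whatever was on the kernel stack, so the check compares against the sentinel rather than interpreting them.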

Details

Provenance
vangyzen Authored on
Reviewer
jilles
Differential Revision
D10044: nanosleep: plug a kernel memory disclosure
Parents
rS315509: Decode arguments passed to kldsym() and kldunloadf().