
MFC r315510

Description

MFC r315510

nanosleep: plug a kernel memory disclosure

nanosleep() updates rmtp on EINVAL. In that case, kern_nanosleep()
has not updated rmt, so sys_nanosleep() updates the user-space rmtp
by copying garbage from its stack frame. This is not only a kernel
memory disclosure, it's also not POSIX-compliant. Fix it to update
rmtp only on EINTR.

Security: possibly
Sponsored by: Dell EMC
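
The pattern described in the commit message, as a user-space model added here for illustration; it is not FreeBSD kernel code and not the committed patch. The `model_*` functions, the `fixed` switch, the `STALE` fill byte and `leaked()` are assumptions made for the example, and `memcpy` stands in for `copyout()`.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define STALE 0x5a  /* constructed marker standing in for leftover stack bytes */

/* Hypothetical inner routine: writes *rmt only when the sleep is interrupted. */
static int model_kern_nanosleep(const struct timespec *rqt,
                                struct timespec *rmt, int interrupted)
{
    if (rqt->tv_nsec < 0 || rqt->tv_nsec >= 1000000000L)
        return EINVAL;                 /* early return: *rmt never written */
    if (!interrupted)
        return 0;
    memset(rmt, 0, sizeof(*rmt));      /* no stale padding bytes either */
    rmt->tv_sec = rqt->tv_sec;         /* model: whole interval remains */
    rmt->tv_nsec = rqt->tv_nsec;
    return EINTR;
}

/* Hypothetical wrapper: fixed == 0 copies out on any error, fixed != 0 only on EINTR. */
static int model_sys_nanosleep(const struct timespec *rqt,
                               struct timespec *user_rmtp,
                               int interrupted, int fixed)
{
    struct timespec rmt;
    int error;
    memset(&rmt, STALE, sizeof(rmt));  /* simulate a dirty stack frame */
    error = model_kern_nanosleep(rqt, &rmt, interrupted);
    if (user_rmtp != NULL && (fixed ? error == EINTR : error != 0))
        memcpy(user_rmtp, &rmt, sizeof(rmt));  /* stands in for copyout() */
    return error;
}

/* Returns 1 if any STALE byte reached the caller's buffer, else 0. */
int leaked(long nsec, int interrupted, int fixed)
{
    struct timespec rqt, out;
    memset(&out, 0, sizeof(out));
    rqt.tv_sec = 1;
    rqt.tv_nsec = nsec;
    model_sys_nanosleep(&rqt, &out, interrupted, fixed);
    return memchr(&out, STALE, sizeof(out)) != NULL;
}

int main(void)
{
    printf("EINVAL: before=%d after=%d\n", leaked(-1, 0, 0), leaked(-1, 0, 1));
    return 0;
}
```

A regression test for this class of bug can use the same idea: pre-fill the output buffer with a known pattern, pass an invalid request, and check that the buffer is unchanged after the call fails.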

Details

Provenance
Authored by vangyzen
Parents
rS315656: Fix back-to-back runs of sys/netinet/fibs_test;slaac_on_nondefault_fib6