From: guenther Date: Sun, 3 May 2015 02:02:15 +0000 (+0000) Subject: Make sure we don't leak bytes from malloced memory in the padding of struct X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=64462c817dba3fa9ce6a40d86982615cad24f821;p=openbsd Make sure we don't leak bytes from malloced memory in the padding of struct dirent. (The memset in previous commit was both wrong and insufficient.) problem with memset noted by brad@ and jsg@ ok millert@ --- diff --git a/sys/nfs/nfs_vnops.c b/sys/nfs/nfs_vnops.c index 839624970d8..9f563810f97 100644 --- a/sys/nfs/nfs_vnops.c +++ b/sys/nfs/nfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_vnops.c,v 1.163 2015/04/17 04:43:21 guenther Exp $ */ +/* $OpenBSD: nfs_vnops.c,v 1.164 2015/05/03 02:02:15 guenther Exp $ */ /* $NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $ */ /* @@ -1991,7 +1991,8 @@ nfs_readdir(void *v) cnt = 5; - data = malloc(NFS_DIRBLKSIZ, M_TEMP, M_WAITOK); + /* M_ZERO to avoid leaking kernel data in dirent padding */ + data = malloc(NFS_DIRBLKSIZ, M_TEMP, M_WAITOK|M_ZERO); do { struct nfs_dirent *ndp = data; @@ -2174,7 +2175,6 @@ nfs_readdirrpc(struct vnode *vp, struct uio *uiop, struct ucred *cred, ndp = (struct nfs_dirent *) uiop->uio_iov->iov_base; dp = &ndp->dirent; - memset(dp, 0, sizeof(dp)); dp->d_fileno = fileno; dp->d_namlen = len; dp->d_reclen = tlen;