From 64462c817dba3fa9ce6a40d86982615cad24f821 Mon Sep 17 00:00:00 2001
From: guenther
Date: Sun, 3 May 2015 02:02:15 +0000
Subject: [PATCH] Make sure we don't leak bytes from malloced memory in the padding of struct dirent. (The memset in previous commit was both wrong and insufficient.) problem with memset noted by brad@ and jsg@ ok millert@
---
 sys/nfs/nfs_vnops.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/nfs/nfs_vnops.c b/sys/nfs/nfs_vnops.c
index 839624970d8..9f563810f97 100644
--- a/sys/nfs/nfs_vnops.c
+++ b/sys/nfs/nfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_vnops.c,v 1.163 2015/04/17 04:43:21 guenther Exp $ */
+/* $OpenBSD: nfs_vnops.c,v 1.164 2015/05/03 02:02:15 guenther Exp $ */
 /* $NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $ */
 /*
@@ -1991,7 +1991,8 @@ nfs_readdir(void *v)
 cnt = 5;
- data = malloc(NFS_DIRBLKSIZ, M_TEMP, M_WAITOK);
+ /* M_ZERO to avoid leaking kernel data in dirent padding */
+ data = malloc(NFS_DIRBLKSIZ, M_TEMP, M_WAITOK|M_ZERO);
 do {
 struct nfs_dirent *ndp = data;
@@ -2174,7 +2175,6 @@ nfs_readdirrpc(struct vnode *vp, struct uio *uiop, struct ucred *cred,
 ndp = (struct nfs_dirent *) uiop->uio_iov->iov_base;
 dp = &ndp->dirent;
- memset(dp, 0, sizeof(dp));
 dp->d_fileno = fileno;
 dp->d_namlen = len;
 dp->d_reclen = tlen;
-- 
2.20.1
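Review bot: M_ZERO on the allocation in nfs_readdir clears `data` only once, but the `do {` loop that follows starts each pass with `ndp = data`, so the same buffer looks like it is refilled on later passes. If so, dirent padding on the second and later passes would hold bytes from the previous pass rather than zeros. That would be stale directory data, not arbitrary kernel heap, but it still reaches the caller in the padding. The loop body is outside this hunk, so this needs confirming. If the buffer is reused, add `memset(data, 0, NFS_DIRBLKSIZ);` at the top of the loop body. Otherwise, extend the comment to say why one zeroing is enough, e.g. `/* M_ZERO: buffer is filled at most once per byte, so padding stays zero */`.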