]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1677e96) | patch
MFC r315510
authorvangyzen <vangyzen@FreeBSD.org>
Tue, 21 Mar 2017 01:23:34 +0000 (01:23 +0000)
committervangyzen <vangyzen@FreeBSD.org>
Tue, 21 Mar 2017 01:23:34 +0000 (01:23 +0000)
commit5e396452e4053c6aecb09fcbd6219d90c350c095
treeb00ab287de295558b6c7f26afe4009035b680306tree | snapshot
parent1677e96854d0a46d5f8179f86dd191ed2308dd4ecommit | diff
MFC r315510

nanosleep: plug a kernel memory disclosure

nanosleep() updates rmtp on EINVAL.  In that case, kern_nanosleep()
has not updated rmt, so sys_nanosleep() updates the user-space rmtp
by copying garbage from its stack frame.  This is not only a kernel
memory disclosure, it's also not POSIX-compliant.  Fix it to update
rmtp only on EINTR.

Security: possibly
Sponsored by: Dell EMC
sys/compat/freebsd32/freebsd32_misc.c diff | blob | history
sys/compat/linux/linux_time.c diff | blob | history
sys/kern/kern_time.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.