CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit

]> CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit

projects / FreeBSD / stable / 10.git / commit

author	vangyzen <vangyzen@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 21 Mar 2017 01:24:56 +0000 (01:24 +0000)
committer	vangyzen <vangyzen@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 21 Mar 2017 01:24:56 +0000 (01:24 +0000)
commit	c3c928ed0c7a16e8b3594a4e89ac0d1f2c9fb9eb
tree	38045c69fcc87f27332a5d18235a9c269d297727	tree \| snapshot
parent	77a4f4ef7027952d6821b5c2d1e664ab1db2070a	commit \| diff

MFC r315510

nanosleep: plug a kernel memory disclosure

nanosleep() updates rmtp on EINVAL.  In that case, kern_nanosleep()
has not updated rmt, so sys_nanosleep() updates the user-space rmtp
by copying garbage from its stack frame.  This is not only a kernel
memory disclosure, it's also not POSIX-compliant.  Fix it to update
rmtp only on EINTR.

Security: possibly
Sponsored by: Dell EMC

git-svn-id: svn://svn.freebsd.org/base/stable/10@315658 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

sys/compat/freebsd32/freebsd32_misc.c		diff \| blob \| history
sys/compat/linux/linux_time.c		diff \| blob \| history
sys/kern/kern_time.c		diff \| blob \| history

10-STABLE

RSS Atom