CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit

MFC ath(4) potential memory disclosure fixes

[1] r327499: ath: fix memory disclosure from ath_btcoex_ioctl

The ath_btcoex_ioctl handler allocated a buffer without M_ZERO and
returned it to userland without writing to it.

The device has permissions only for root so this is not urgent, and the
fix can be MFCd and considered for a future EN.

[2] r327500: ath: fix possible memory disclosures in ioctl handlers

Apply the fix from r327499 to additional ioctl handlers.

Note: related fix in r327529 does not apply directly to stable/10 and
will be addressed in a followup commit.

Submitted by: Domagoj Stolfa <domagoj.stolfa@gmail.com> [1]
Reported by: Ilja van Sprundel <ivansprundel@ioactive.com> [1,2]
Reviewed by: adrian [1]
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/stable/10@332320 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

author	emaste <emaste@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Mon, 9 Apr 2018 12:53:15 +0000 (12:53 +0000)
committer	emaste <emaste@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Mon, 9 Apr 2018 12:53:15 +0000 (12:53 +0000)
commit	f4a8aa3c586898ded4ab4750f7a42afd909d2ff2
tree	2a34c7a62c3c37a0be9ba53a00fec269ecfd761a	tree \| snapshot
parent	c4b143aa3ec94601ea2ccf7fcb2b361df38d92d8	commit \| diff

sys/dev/ath/if_ath_btcoex.c		diff \| blob \| history
sys/dev/ath/if_ath_lna_div.c		diff \| blob \| history
sys/dev/ath/if_ath_spectral.c		diff \| blob \| history