mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-17 05:43:59 +00:00
Don't leave the padding between the msg header and the cmsg data,
and the padding after the cmsg data un-initialized. Submitted by: tuexen Security: CVE-2014-3952 Security: FreeBSD-SA-14:17.kmem
This commit is contained in:
parent
725d072732
commit
2827952eb4
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=268430
|
@ -1071,6 +1071,11 @@ sbcreatecontrol(caddr_t p, int size, int type, int level)
|
|||
m->m_len = 0;
|
||||
KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m),
|
||||
("sbcreatecontrol: short mbuf"));
|
||||
/*
|
||||
* Don't leave the padding between the msg header and the
|
||||
* cmsg data and the padding after the cmsg data un-initialized.
|
||||
*/
|
||||
bzero(cp, CMSG_SPACE((u_int)size));
|
||||
if (p != NULL)
|
||||
(void)memcpy(CMSG_DATA(cp), p, size);
|
||||
m->m_len = CMSG_SPACE(size);
|
||||
|
|
Loading…
Reference in a new issue