Don't leave the padding between the msg header and the cmsg data, and the padding after the cmsg data, un-initialized.

Submitted by:	tuexen
Security:	CVE-2014-3952
Security:	FreeBSD-SA-14:17.kmem
Xin LI 2014-07-08 21:54:23 +00:00
parent 725d072732
commit 2827952eb4
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=268430


@ -1071,6 +1071,11 @@ sbcreatecontrol(caddr_t p, int size, int type, int level)
m->m_len = 0;
KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m),
("sbcreatecontrol: short mbuf"));
/*
* Don't leave the padding between the msg header and the
* cmsg data and the padding after the cmsg data un-initialized.
*/
bzero(cp, CMSG_SPACE((u_int)size));
if (p != NULL)
(void)memcpy(CMSG_DATA(cp), p, size);
m->m_len = CMSG_SPACE(size);
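Review bot: The new `bzero(cp, CMSG_SPACE((u_int)size))` writes the full aligned length into the mbuf, but the only bound visible in this hunk is the `KASSERT` above it, which is compiled out of kernels built without INVARIANTS. sbcreatecontrol starts and ends outside the hunk, so a runtime size check presumably sits earlier in the function; it is worth confirming that it bounds `CMSG_SPACE(size)` rather than `size`, since the zeroed span is the larger of the two. The zeroed length and the exported length should also use the same expression, e.g. `m->m_len = CMSG_SPACE((u_int)size);`, so the initialized span and `m_len` cannot drift apart if either line is edited later. The comment could also say that with `p == NULL` the data area itself is zeroed, not just the padding, for example `Zero the whole cmsg space so header padding, trailing padding and (when p is NULL) the data area are initialized.`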