diff options
| author | Can Erkin Acar <canacar@cvs.openbsd.org> | 2011-02-12 20:45:20 +0000 |
|---|---|---|
| committer | Can Erkin Acar <canacar@cvs.openbsd.org> | 2011-02-12 20:45:20 +0000 |
| commit | b23df87c986889e61f6097d1eb01d3f8ea1878e8 (patch) | |
| tree | 1583c725f9f99c4b39f9dd8e6cd27e48d30d307f /sys | |
| parent | 2301cfd6e6905092ba138249d5c6f22594a8d77b (diff) | |
Clear the filter memory area before using it. Leaving it uninitialized may
leak previous kernel stack contents through a malicioius BPF filter.
Reported by Dan Rosenberg via Alistair Crooks. ok deraadt@, krw@,
claudio@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/bpf_filter.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/bpf_filter.c b/sys/net/bpf_filter.c index a558828ff72..3e56866861c 100644 --- a/sys/net/bpf_filter.c +++ b/sys/net/bpf_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf_filter.c,v 1.21 2010/04/21 16:49:34 otto Exp $ */ +/* $OpenBSD: bpf_filter.c,v 1.22 2011/02/12 20:45:19 canacar Exp $ */ /* $NetBSD: bpf_filter.c,v 1.12 1996/02/13 22:00:00 christos Exp $ */ /* @@ -162,6 +162,8 @@ bpf_filter(pc, p, wirelen, buflen) u_int32_t k; int32_t mem[BPF_MEMWORDS]; + bzero(mem, sizeof(mem)); + if (pc == 0) /* * No filter means accept all. |