diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2006-01-05 03:28:35 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2006-01-05 03:28:35 +0000 |
| commit | d3044c92d092fef58a489cbea7e66b2c900e4623 (patch) | |
| tree | 506fc1cd179fa0e70e46f7881cea29bf3ef2d28a /sys | |
| parent | f7fe3ca086fb7214fef0de7f1a29d7db84f1b481 (diff) | |
bzero buffers after malloc, or clear string buffer before strlcpy'ing
into them, if you are gonna copy it out to userland
some ok dhartmei, some ok tedu
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/if.c | 5 | ||||
| -rw-r--r-- | sys/net/if_bridge.c | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/sys/net/if.c b/sys/net/if.c index 2c504770746..0d616d5f8cf 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if.c,v 1.141 2005/12/22 23:55:18 canacar Exp $ */ +/* $OpenBSD: if.c,v 1.142 2006/01/05 03:28:34 deraadt Exp $ */ /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */ /* @@ -822,6 +822,7 @@ if_clone_list(struct if_clonereq *ifcr) for (ifc = LIST_FIRST(&if_cloners); ifc != NULL && count != 0; ifc = LIST_NEXT(ifc, ifc_list), count--, dst += IFNAMSIZ) { + bzero(outbuf, sizeof outbuf); strlcpy(outbuf, ifc->ifc_name, IFNAMSIZ); error = copyout(outbuf, dst, IFNAMSIZ); if (error) @@ -1707,6 +1708,7 @@ if_getgroup(caddr_t data, struct ifnet *ifp) TAILQ_FOREACH(ifgl, &ifp->if_groups, ifgl_next) { if (len < sizeof(ifgrq)) return (EINVAL); + bzero(&ifgrq, sizeof ifgrq); strlcpy(ifgrq.ifgrq_group, ifgl->ifgl_group->ifg_group, sizeof(ifgrq.ifgrq_group)); if ((error = copyout((caddr_t)&ifgrq, (caddr_t)ifgp, @@ -1748,6 +1750,7 @@ if_getgroupmembers(caddr_t data) TAILQ_FOREACH(ifgm, &ifg->ifg_members, ifgm_next) { if (len < sizeof(ifgrq)) return (EINVAL); + bzero(&ifgrq, sizeof ifgrq); strlcpy(ifgrq.ifgrq_member, ifgm->ifgm_ifp->if_xname, sizeof(ifgrq.ifgrq_member)); if ((error = copyout((caddr_t)&ifgrq, (caddr_t)ifgp, diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index c86338ee816..7706ddce813 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.147 2006/01/04 06:04:41 canacar Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.148 2006/01/05 03:28:34 deraadt Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -771,6 +771,7 @@ bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) } LIST_FOREACH(p, &sc->sc_iflist, next) { + bzero(&breq, sizeof breq); if (bifc->ifbic_len < sizeof(breq)) break; strlcpy(breq.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); @@ -788,6 +789,7 @@ bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) bifc->ifbic_len -= sizeof(breq); } LIST_FOREACH(p, &sc->sc_spanlist, next) { + bzero(&breq, sizeof breq); if (bifc->ifbic_len < sizeof(breq)) break; strlcpy(breq.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); @@ -845,6 +847,7 @@ bridge_brlconf(struct bridge_softc *sc, struct ifbrlconf *bc) } SIMPLEQ_FOREACH(n, &ifl->bif_brlin, brl_next) { + bzero(&req, sizeof req); if (bc->ifbrl_len < sizeof(req)) goto done; strlcpy(req.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); @@ -867,6 +870,7 @@ bridge_brlconf(struct bridge_softc *sc, struct ifbrlconf *bc) } SIMPLEQ_FOREACH(n, &ifl->bif_brlout, brl_next) { + bzero(&req, sizeof req); if (bc->ifbrl_len < sizeof(req)) goto done; strlcpy(req.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); |