From badd992ac2bd33bdaa754aa99b542c78db8117eb Mon Sep 17 00:00:00 2001 From: Philip Guenther Date: Fri, 24 Jan 2014 06:00:02 +0000 Subject: Copy timespecs member by member in fo_stat callback functions, to avoid leaking values in the padding bytes on LP64. Also, vn_stat() was lacking the zero-fill to clean its padding. ok kettenis@ deraadt@ phessler@ --- sys/kern/sys_pipe.c | 11 +++++++---- sys/kern/uipc_usrreq.c | 25 +++++++++++++++---------- sys/kern/vfs_vnops.c | 12 ++++++++---- 3 files changed, 30 insertions(+), 18 deletions(-) diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c index bda5911d86a..b670234c591 100644 --- a/sys/kern/sys_pipe.c +++ b/sys/kern/sys_pipe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_pipe.c,v 1.64 2014/01/21 01:48:45 tedu Exp $ */ +/* $OpenBSD: sys_pipe.c,v 1.65 2014/01/24 06:00:01 guenther Exp $ */ /* * Copyright (c) 1996 John S. Dyson @@ -688,9 +688,12 @@ pipe_stat(struct file *fp, struct stat *ub, struct proc *p) ub->st_blksize = pipe->pipe_buffer.size; ub->st_size = pipe->pipe_buffer.cnt; ub->st_blocks = (ub->st_size + ub->st_blksize - 1) / ub->st_blksize; - ub->st_atim = pipe->pipe_atime; - ub->st_mtim = pipe->pipe_mtime; - ub->st_ctim = pipe->pipe_ctime; + ub->st_atim.tv_sec = pipe->pipe_atime.tv_sec; + ub->st_atim.tv_nsec = pipe->pipe_atime.tv_nsec; + ub->st_mtim.tv_sec = pipe->pipe_mtime.tv_sec; + ub->st_mtim.tv_nsec = pipe->pipe_mtime.tv_nsec; + ub->st_ctim.tv_sec = pipe->pipe_ctime.tv_sec; + ub->st_ctim.tv_nsec = pipe->pipe_ctime.tv_nsec; ub->st_uid = fp->f_cred->cr_uid; ub->st_gid = fp->f_cred->cr_gid; /* diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index d0c809c18a9..e8e86297b98 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.71 2013/04/05 08:25:30 tedu Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.72 2014/01/24 06:00:01 guenther Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -261,28 +261,33 @@ uipc_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, unp_drop(unp, ECONNABORTED); break; - case PRU_SENSE: - ((struct stat *) m)->st_blksize = so->so_snd.sb_hiwat; + case PRU_SENSE: { + struct stat *sb = (struct stat *)m; + + sb->st_blksize = so->so_snd.sb_hiwat; switch (so->so_type) { case SOCK_STREAM: case SOCK_SEQPACKET: if (unp->unp_conn != NULL) { so2 = unp->unp_conn->unp_socket; - ((struct stat *) m)->st_blksize += - so2->so_rcv.sb_cc; + sb->st_blksize += so2->so_rcv.sb_cc; } break; default: break; } - ((struct stat *) m)->st_dev = NODEV; + sb->st_dev = NODEV; if (unp->unp_ino == 0) unp->unp_ino = unp_ino++; - ((struct stat *) m)->st_atim = - ((struct stat *) m)->st_mtim = - ((struct stat *) m)->st_ctim = unp->unp_ctime; - ((struct stat *) m)->st_ino = unp->unp_ino; + sb->st_atim.tv_sec = + sb->st_mtim.tv_sec = + sb->st_ctim.tv_sec = unp->unp_ctime.tv_sec; + sb->st_atim.tv_nsec = + sb->st_mtim.tv_nsec = + sb->st_ctim.tv_nsec = unp->unp_ctime.tv_nsec; + sb->st_ino = unp->unp_ino; return (0); + } case PRU_RCVOOB: return (EOPNOTSUPP); diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index e00ebf8bbbc..39123cbcffe 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_vnops.c,v 1.74 2013/09/14 02:28:01 guenther Exp $ */ +/* $OpenBSD: vfs_vnops.c,v 1.75 2014/01/24 06:00:01 guenther Exp $ */ /* $NetBSD: vfs_vnops.c,v 1.20 1996/02/04 02:18:41 christos Exp $ */ /* @@ -405,6 +405,7 @@ vn_stat(struct vnode *vp, struct stat *sb, struct proc *p) /* * Copy from vattr table */ + memset(sb, 0, sizeof(*sb)); sb->st_dev = va.va_fsid; sb->st_ino = va.va_fileid; mode = va.va_mode; @@ -439,9 +440,12 @@ vn_stat(struct vnode *vp, struct stat *sb, struct proc *p) sb->st_gid = va.va_gid; sb->st_rdev = va.va_rdev; sb->st_size = va.va_size; - sb->st_atim = va.va_atime; - sb->st_mtim = va.va_mtime; - sb->st_ctim = va.va_ctime; + sb->st_atim.tv_sec = va.va_atime.tv_sec; + sb->st_atim.tv_nsec = va.va_atime.tv_nsec; + sb->st_mtim.tv_sec = va.va_mtime.tv_sec; + sb->st_mtim.tv_nsec = va.va_mtime.tv_nsec; + sb->st_ctim.tv_sec = va.va_ctime.tv_sec; + sb->st_ctim.tv_nsec = va.va_ctime.tv_nsec; sb->st_blksize = va.va_blocksize; sb->st_flags = va.va_flags; sb->st_gen = va.va_gen; -- cgit v1.2.3