From 347a8ed1bf188f0eca90771f0b458566e215e50e Mon Sep 17 00:00:00 2001
From: Ed Maste
Date: Mon, 21 Jan 2019 17:12:16 +0000
Subject: [PATCH] linuxulator: fix stack memory disclosure in linux_sigaltstack
Most siginfo_to_lsiginfo callers already zeroed the l_siginfo_t before callit it, but linux_waitid did not. Instead of zeroing in the called function to address linux_waitid (as in commit 2e6ebe70), just do it in linux_waitid.
admbugs: 765
Reported by: Vlad Tsyrklevich
Reviewed by: Andrew
MFC after: 1 day
Security: Kernel stack memory disclosure
Sponsored by: The FreeBSD Foundation
---
 sys/compat/linux/linux_misc.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index 5dcc8c64788..f888a2640d1 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -1089,9 +1089,8 @@ linux_waitid(struct thread *td, struct linux_waitid_args *args)
 }
 if (args->info != NULL) {
 p = td->td_proc;
- if (td->td_retval[0] == 0)
- bzero(&lsi, sizeof(lsi));
- else {
+ bzero(&lsi, sizeof(lsi));
+ if (td->td_retval[0] != 0) {
 sig = bsd_to_linux_signal(siginfo.si_signo);
 siginfo_to_lsiginfo(&siginfo, &lsi, sig);
 }
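Review bot: The unconditional `bzero(&lsi, sizeof(lsi));` is now the only thing keeping uninitialized kernel stack bytes (padding and any fields `siginfo_to_lsiginfo()` leaves unset) out of `lsi`, and nothing at the call site says so. I would add a comment above it such as `/* Zero all of lsi, padding included: siginfo_to_lsiginfo() does not clear it and it is copied out to userland. */` so a later cleanup does not fold the zeroing back into the `td_retval[0] == 0` case. The copy to `args->info` is presumably just below and is not visible here, as `linux_waitid` starts and ends outside the hunk. Per the description the contract is that callers zero the structure, so the comment on `siginfo_to_lsiginfo()` itself should state that too. The subject line names linux_sigaltstack while the hunk changes linux_waitid, which may mislead anyone tracking the fix.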