From 3c0fb026b2fc998fa9bea8aed76e96c58671aee3 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Mon, 11 Dec 2023 09:19:09 -0500 Subject: [PATCH] tty: Avoid a kernel memory discloure via kern.ttys Four pad bytes at the end of each xtty structure were not being cleared before being copied out. Fix this by clearing the whole structure before populating fields. MFC after: 3 days Reported by: KMSAN --- sys/kern/tty.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 62023394741..e051c66ab0c 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt) tty_assert_locked(tp); + memset(xt, 0, sizeof(*xt)); xt->xt_size = sizeof(struct xtty); xt->xt_insize = ttyinq_getsize(&tp->t_inq); xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);