Fix kernel data leak via ptrace(PT_LWPINFO). [SA-17:08]

Approved by:	so
Security:	FreeBSD-SA-17:08.ptrace
Security:	CVE-2017-1086
gordon 2017-11-15 22:39:41 +00:00 committed by Franco Fichtner
parent 0111378690
commit 5a57ffec3f


@ -520,6 +520,7 @@ ptrace_lwpinfo_to32(const struct ptrace_lwpinfo *pl,
struct ptrace_lwpinfo32 *pl32)
{
bzero(pl32, sizeof(*pl32));
pl32->pl_lwpid = pl->pl_lwpid;
pl32->pl_event = pl->pl_event;
pl32->pl_flags = pl->pl_flags;
@ -1303,6 +1304,7 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
} else
#endif
pl = addr;
bzero(pl, sizeof(*pl));
pl->pl_lwpid = td2->td_tid;
pl->pl_event = PL_EVENT_NONE;
pl->pl_flags = 0;
@ -1323,8 +1325,6 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
pl->pl_siginfo = td2->td_dbgksi.ksi_info;
}
}
if ((pl->pl_flags & PL_FLAG_SI) == 0)
bzero(&pl->pl_siginfo, sizeof(pl->pl_siginfo));
if (td2->td_dbgflags & TDB_SCE)
pl->pl_flags |= PL_FLAG_SCE;
else if (td2->td_dbgflags & TDB_SCX)
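Review bot: The `bzero(pl, sizeof(*pl));` in the second hunk and the matching `bzero(pl32, sizeof(*pl32));` in `ptrace_lwpinfo_to32`, which appear to be the added lines, carry no comment saying why the whole structure is cleared before the field assignments. Without one, a later cleanup could drop them as redundant or return to per-field zeroing like the removed `pl_siginfo` clear in the third hunk. I would put above each something like `/* Zero the whole structure, padding included, so no stale kernel memory is copied out to userland. */`. In `kern_ptrace` the structure is written through the `void *addr` parameter, and the check that the buffer behind it spans `sizeof(*pl)` is not visible here, so that is worth confirming now that the full size is written unconditionally. Both function bodies extend outside the visible hunks.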