From 6eee883a179a437fa1655134ca146be03798771e Mon Sep 17 00:00:00 2001
From: Eitan Adler <eadler@FreeBSD.org>
Date: Sat, 3 Mar 2018 21:14:55 +0000
Subject: [PATCH] sys/linux: Fix a few potential infoleaks in Linux IPC

Submitted by:	Domagoj Stolfa <domagoj.stolfa@gmail.com>
MFC After:	1 month
---
 sys/compat/linux/linux_ipc.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/sys/compat/linux/linux_ipc.c b/sys/compat/linux/linux_ipc.c
index 8d52608bb47..8d158f704b3 100644
--- a/sys/compat/linux/linux_ipc.c
+++ b/sys/compat/linux/linux_ipc.c
@@ -548,6 +548,9 @@ linux_semctl(struct thread *td, struct linux_semctl_args *args)
 	register_t rval;
 	int cmd, error;
 
+	memset(&linux_seminfo, 0, sizeof(linux_seminfo));
+	memset(&linux_semid64, 0, sizeof(linux_semid64));
+
 	switch (args->cmd & ~LINUX_IPC_64) {
 	case LINUX_IPC_RMID:
 		cmd = IPC_RMID;
@@ -702,12 +705,15 @@ linux_msgctl(struct thread *td, struct linux_msgctl_args *args)
 	struct l_msqid64_ds linux_msqid64;
 	struct msqid_ds bsd_msqid;
 
+	memset(&linux_msqid64, 0, sizeof(linux_msqid64));
+
 	bsd_cmd = args->cmd & ~LINUX_IPC_64;
 	switch (bsd_cmd) {
 	case LINUX_IPC_INFO:
 	case LINUX_MSG_INFO: {
 		struct l_msginfo linux_msginfo;
 
+		memset(&linux_msginfo, 0, sizeof(linux_msginfo));
 		/*
 		 * XXX MSG_INFO uses the same data structure but returns different
 		 * dynamic counters in msgpool, msgmap, and msgtql fields.
@@ -833,6 +839,10 @@ linux_shmctl(struct thread *td, struct linux_shmctl_args *args)
 	struct shmid_ds bsd_shmid;
 	int error;
 
+	memset(&linux_shm_info, 0, sizeof(linux_shm_info));
+	memset(&linux_shmid64, 0, sizeof(linux_shmid64));
+	memset(&linux_shminfo64, 0, sizeof(linux_shminfo64));
+
 	switch (args->cmd & ~LINUX_IPC_64) {
 
 	case LINUX_IPC_INFO: {