Sat Aug 19 04:24:20 2017 UTC ()
Pull up following revision(s) (requested by mrg in ticket #1484):
	sys/kern/kern_ktrace.c: revision 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.


(snj)
diff -r1.160 -r1.160.6.1 src/sys/kern/kern_ktrace.c


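--- a/src/sys/kern/kern_ktrace.c
+++ b/src/sys/kern/kern_ktrace.c
@@ -1,14 +1,14 @@
-/* $NetBSD: kern_ktrace.c,v 1.160 2011/12/30 20:33:04 christos Exp $ */
+/* $NetBSD: kern_ktrace.c,v 1.160.6.1 2017/08/19 04:24:20 snj Exp $ */
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -51,27 +51,27 @@
  * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  * @(#)kern_ktrace.c 8.5 (Berkeley) 5/14/95
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160 2011/12/30 20:33:04 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.6.1 2017/08/19 04:24:20 snj Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/file.h>
 #include <sys/namei.h>
 #include <sys/vnode.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/ktrace.h>
 #include <sys/kmem.h>
 #include <sys/syslog.h>
 #include <sys/filedesc.h>
@@ -942,27 +942,27 @@ ktruser(const char *id, void *addr, size
 	error = ktealloc(&kte, (void *)&ktp, l, KTR_USER, sizeof(*ktp) + len);
 	if (error != 0)
 		return error;
 
 	if (ustr) {
 		if (copyinstr(id, ktp->ktr_id, KTR_USER_MAXIDLEN, NULL) != 0)
 			ktp->ktr_id[0] = '\0';
 	} else
 		strncpy(ktp->ktr_id, id, KTR_USER_MAXIDLEN);
 	ktp->ktr_id[KTR_USER_MAXIDLEN-1] = '\0';
 
 	user_dta = (void *)(ktp + 1);
 	if ((error = copyin(addr, (void *)user_dta, len)) != 0)
-		len = 0;
+		kte->kte_kth.ktr_len = 0;
 
 	ktraddentry(l, kte, KTA_WAITOK);
 	return error;
 }
 
 void
 ktr_kuser(const char *id, void *addr, size_t len)
 {
 	struct ktrace_entry *kte;
 	struct ktr_user *ktp;
 	lwp_t *l = curlwp;
 	int error;
 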
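Review bot: The copyinstr failure branch at line 948 still leaves ktp->ktr_id[1..KTR_USER_MAXIDLEN-1] holding whatever ktealloc handed back: only byte 0 is cleared, and when the copyin at line 954 then succeeds the full sizeof(*ktp) + len record, ktr_id included, goes to ktraddentry and out to the trace file. Unless ktealloc zero-fills the entry (not visible in this hunk), that is the same class of uninitialized-kernel-memory disclosure the commit closes for the data part, reached whenever a caller supplies an id that copyinstr rejects. Clearing the whole field in that branch, `memset(ktp->ktr_id, 0, KTR_USER_MAXIDLEN);`, or zeroing it before the copyinstr, removes the residue; the strncpy path is already fully padded. The function's signature and locals sit above the hunk, and ktr_kuser's body continues below it.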