Sat Aug 19 04:24:24 2017 UTC ()
Pull up following revision(s) (requested by mrg in ticket #1484):
	sys/kern/kern_ktrace.c: revision 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.


(snj)
diff -r1.160.2.1 -r1.160.2.2 src/sys/kern/kern_ktrace.c

cvs diff -r1.160.2.1 -r1.160.2.2 src/sys/kern/kern_ktrace.c (expand / switch to context diff)
--- src/sys/kern/kern_ktrace.c 2014/12/07 15:09:31 1.160.2.1
+++ src/sys/kern/kern_ktrace.c 2017/08/19 04:24:23 1.160.2.2
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_ktrace.c,v 1.160.2.1 2014/12/07 15:09:31 martin Exp $	*/
+/*	$NetBSD: kern_ktrace.c,v 1.160.2.2 2017/08/19 04:24:23 snj Exp $	*/
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.2.1 2014/12/07 15:09:31 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.2.2 2017/08/19 04:24:23 snj Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -952,7 +952,7 @@
 
 	user_dta = (void *)(ktp + 1);
 	if ((error = copyin(addr, (void *)user_dta, len)) != 0)
-		len = 0;
+		kte->kte_kth.ktr_len = 0;
 
 	ktraddentry(l, kte, KTA_WAITOK);
 	return error;
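Review bot: The new assignment `kte->kte_kth.ktr_len = 0;` has no comment saying why the header field is cleared instead of the local `len`, and that distinction is the whole fix. After a failed `copyin` the buffer at `user_dta` may be partly filled or still uninitialized, and per the commit message the header length is the one actually used when the record is emitted. I would add something like `/* copyin failed: buffer contents are undefined, so emit a zero-length record */` above the assignment, so a later cleanup does not "simplify" it back to the local. The function starts outside this hunk, so whether `len` is bounded before the allocation and whether the entry is allocated zeroed cannot be checked from here. It is worth confirming that nothing downstream of `ktraddentry` sizes its copy-out from the allocation rather than from `ktr_len`.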