Sat Aug 19 05:21:56 2017 UTC ()
Pull up following revision(s) (requested by mrg in ticket #1481):
	sys/kern/kern_ktrace.c: 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.


(snj)
diff -r1.164.4.1 -r1.164.4.1.2.1 src/sys/kern/kern_ktrace.c


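--- a/src/sys/kern/kern_ktrace.c
+++ b/src/sys/kern/kern_ktrace.c
@@ -1,14 +1,14 @@
-/* $NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $ */
+/* $NetBSD: kern_ktrace.c,v 1.164.4.1.2.1 2017/08/19 05:21:56 snj Exp $ */
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -51,27 +51,27 @@
  * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  * @(#)kern_ktrace.c 8.5 (Berkeley) 5/14/95
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1.2.1 2017/08/19 05:21:56 snj Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/file.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/ktrace.h>
 #include <sys/kmem.h>
 #include <sys/syslog.h>
 #include <sys/filedesc.h>
 #include <sys/ioctl.h>
 #include <sys/callout.h>
@@ -921,27 +921,27 @@ ktruser(const char *id, void *addr, size
  error = ktealloc(&kte, (void *)&ktp, l, KTR_USER, sizeof(*ktp) + len);
  if (error != 0)
  return error;
 
  if (ustr) {
  if (copyinstr(id, ktp->ktr_id, KTR_USER_MAXIDLEN, NULL) != 0)
  ktp->ktr_id[0] = '\0';
  } else
  strncpy(ktp->ktr_id, id, KTR_USER_MAXIDLEN);
  ktp->ktr_id[KTR_USER_MAXIDLEN-1] = '\0';
 
  user_dta = (void *)(ktp + 1);
  if ((error = copyin(addr, (void *)user_dta, len)) != 0)
- len = 0;
+ kte->kte_kth.ktr_len = 0;
 
  ktraddentry(l, kte, KTA_WAITOK);
  return error;
 }
 
 void
 ktr_kuser(const char *id, void *addr, size_t len)
 {
  struct ktrace_entry *kte;
  struct ktr_user *ktp;
  lwp_t *l = curlwp;
  int error;
 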
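Review bot: In the `ustr` branch of ktruser, `copyinstr()` stops writing at the terminator, so the bytes of `ktp->ktr_id` after a short id keep whatever the buffer obtained from `ktealloc()` already held, and when the later `copyin()` succeeds the record is handed to `ktraddentry()` with its length untouched. `ktealloc()` is not visible in this hunk, so whether it returns zeroed memory cannot be confirmed here; if it does not, this would be the same class of uninitialized-memory disclosure the commit closes for the data area. Clearing the field up front with `memset(ktp->ktr_id, 0, KTR_USER_MAXIDLEN);` ahead of the `if (ustr)` test would make this independent of the allocator (the `strncpy()` branch already zero-pads). The changed line would also benefit from a comment such as `/* copyin failed: zero the length that is actually used so the unfilled buffer is not written out */`. ktruser's opening lines, including any bound on `len`, lie above the hunk.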