Sun Nov 11 10:55:58 2018 UTC ()

Fix stack info leak. There are 2x4 bytes of padding in struct ps_strings.

[  223.896199] kleak: Possible leak in copyout: [len=32, leaked=8]
[  223.906430] #0 0xffffffff80224d0a in kleak_note <netbsd>
[  223.906430] #1 0xffffffff80224d8a in kleak_copyout <netbsd>
[  223.918363] #2 0xffffffff80b1e26c in copyoutpsstrs <netbsd>
[  223.926560] #3 0xffffffff80b1e331 in copyoutargs <netbsd>
[  223.936216] #4 0xffffffff80b21768 in execve_runproc <netbsd>
[  223.946225] #5 0xffffffff80b21cc9 in execve1 <netbsd>
[  223.946225] #6 0xffffffff8025a89c in sy_call <netbsd>
[  223.956225] #7 0xffffffff8025aace in sy_invoke <netbsd>
[  223.966232] #8 0xffffffff8025ab54 in syscall <netbsd>


(maxv)

diff -r1.461 -r1.462 src/sys/kern/kern_exec.c

--- src/sys/kern/kern_exec.c 2018/09/03 16:29:35	1.461
+++ src/sys/kern/kern_exec.c 2018/11/11 10:55:58	1.462

 @@ -1,14 +1,14 @@
-/*	$NetBSD: kern_exec.c,v 1.461 2018/09/03 16:29:35 riastradh Exp $	*/
+/*	$NetBSD: kern_exec.c,v 1.462 2018/11/11 10:55:58 maxv Exp $	*/
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -49,27 +49,27 @@
  * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.461 2018/09/03 16:29:35 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.462 2018/11/11 10:55:58 maxv Exp $");
 #include "opt_exec.h"
 #include "opt_execfmt.h"
 #include "opt_ktrace.h"
 #include "opt_modular.h"
 #include "opt_syscall_debug.h"
 #include "veriexec.h"
 #include "opt_pax.h"
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/filedesc.h>
 #include <sys/kernel.h>
 @@ -1414,26 +1414,28 @@ calcstack(struct execve_data * restrict
 	/* make the stack "safely" aligned */
 	return STACK_LEN_ALIGN(stacklen, STACK_ALIGNBYTES);
+}
 static int
 copyoutargs(struct execve_data * restrict data, struct lwp *l,
     char * const newstack)
+{
 	struct exec_package	* const epp = &data->ed_pack;
 	struct proc		*p = l->l_proc;
 	int			error;
 	memset(&data->ed_arginfo, 0, sizeof(data->ed_arginfo));
 	/* remember information about the process */
 	data->ed_arginfo.ps_nargvstr = data->ed_argc;
 	data->ed_arginfo.ps_nenvstr = data->ed_envc;
 	/*
 	 * Allocate the stack address passed to the newly execve()'ed process.
+	 *
 	 * The new stack address will be set to the SP (stack pointer) register
 	 * in setregs().
 	 */
 	char *newargs = STACK_ALLOC(
 	    STACK_SHRINK(newstack, data->ed_argslen), data->ed_argslen);