Fri Nov 30 10:40:19 2018 UTC ()
Pull up following revision(s) (requested by maxv in ticket #1661):

	sys/kern/kern_sig.c: revision 1.350

Fix kernel info leak, 4 bytes of padding at the end of struct sigaction.

        + Possible info leak: [len=32, leaked=4]
        | #0 0xffffffff80baf327 in kleak_copyout
        | #1 0xffffffff80bd9ca8 in sys___sigaction_sigtramp
        | #2 0xffffffff80259c42 in syscall


(martin)
diff -r1.319.8.1 -r1.319.8.2 src/sys/kern/kern_sig.c


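--- a/src/sys/kern/kern_sig.c
+++ b/src/sys/kern/kern_sig.c
@@ -1,14 +1,14 @@
-/* $NetBSD: kern_sig.c,v 1.319.8.1 2015/11/05 09:21:50 snj Exp $ */
+/* $NetBSD: kern_sig.c,v 1.319.8.2 2018/11/30 10:40:19 martin Exp $ */
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -60,27 +60,27 @@
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  * @(#)kern_sig.c 8.14 (Berkeley) 5/14/95
  */
 
 /*
  * Signal subsystem.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319.8.1 2015/11/05 09:21:50 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319.8.2 2018/11/30 10:40:19 martin Exp $");
 
 #include "opt_ptrace.h"
 #include "opt_compat_sunos.h"
 #include "opt_compat_netbsd.h"
 #include "opt_compat_netbsd32.h"
 #include "opt_pax.h"
 
 #define SIGPROP /* include signal properties table */
 #include <sys/param.h>
 #include <sys/signalvar.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
 #include <sys/wait.h>
@@ -181,40 +181,47 @@ signal_listener_cb(kauth_cred_t cred, ka
  p = arg0;
  signum = (int)(unsigned long)arg1;
 
  if (action != KAUTH_PROCESS_SIGNAL)
  return result;
 
  if (kauth_cred_uidmatch(cred, p->p_cred) ||
  (signum == SIGCONT && (curproc->p_session == p->p_session)))
  result = KAUTH_RESULT_ALLOW;
 
  return result;
 }
 
+static int
+sigacts_ctor(void *arg __unused, void *obj, int flags __unused)
+{
+ memset(obj, 0, sizeof(struct sigacts));
+ return 0;
+}
+
 /*
  * signal_init:
  *
  * Initialize global signal-related data structures.
  */
 void
 signal_init(void)
 {
 
  sigactspool_allocator.pa_pagesz = (PAGE_SIZE)*2;
 
  sigacts_cache = pool_cache_init(sizeof(struct sigacts), 0, 0, 0,
  "sigacts", sizeof(struct sigacts) > PAGE_SIZE ?
- &sigactspool_allocator : NULL, IPL_NONE, NULL, NULL, NULL);
+ &sigactspool_allocator : NULL, IPL_NONE, sigacts_ctor, NULL, NULL);
  ksiginfo_cache = pool_cache_init(sizeof(ksiginfo_t), 0, 0, 0,
  "ksiginfo", NULL, IPL_VM, NULL, NULL, NULL);
 
  exechook_establish(ksiginfo_exechook, NULL);
 
  callout_init(&proc_stop_ch, CALLOUT_MPSAFE);
  callout_setfunc(&proc_stop_ch, proc_stop_callout, NULL);
 
  signal_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
  signal_listener_cb, NULL);
 }
 
 /*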
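Review bot: The `memset` in the added `sigacts_ctor` runs only when the pool cache constructs an object, so it is not repeated when a `struct sigacts` goes back to `sigacts_cache` and is handed out again; as far as I know, pool_cache keeps freed objects in their constructed state. The padding therefore stays zero only if every later writer leaves it untouched, and a whole-struct assignment from a stack `struct sigaction` that was filled field by field would copy that struct's uninitialized padding over the zeroes (whether such a path exists is not visible in this section). I would add a comment above the constructor, `/* Zero once at construction so struct sigaction padding is never copied out uninitialized; not re-run on cache reuse. */`, and consider also clearing the local `struct sigaction` before the copyout in `sys___sigaction_sigtramp`, which the kleak trace in the commit message names as the leaking path.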