Skip to content

Commit

Permalink
Zero-fill the ELF auxiliary vectors. Otherwise, on 64bit systems, the
Browse files Browse the repository at this point in the history 
padding between a_v and a_type contains kernel garbage, therefore
exposed to userland.

Original report by uebayasi@
  • Loading branch information
maxv committed Mar 20, 2015
1 parent 3c101c2 commit 7325e85
Show file tree
Hide file tree
Showing 5 changed files with 22 additions and 10 deletions.
6 changes: 4 additions & 2 deletions sys/compat/linux/common/linux_exec_elf32.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: linux_exec_elf32.c,v 1.91 2014/04/15 17:29:00 maxv Exp $ */
/* $NetBSD: linux_exec_elf32.c,v 1.92 2015/03/20 20:36:27 maxv Exp $ */

/*-
* Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc.
Expand Down Expand Up @@ -35,7 +35,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.91 2014/04/15 17:29:00 maxv Exp $");
__KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.92 2015/03/20 20:36:27 maxv Exp $");

#ifndef ELFSIZE
/* XXX should die */
Expand Down Expand Up @@ -391,6 +391,8 @@ ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package *pack,

a = ai;

memset(ai, 0, sizeof(ai));

/*
* Push extra arguments used by glibc on the stack.
*/
Expand Down
6 changes: 4 additions & 2 deletions sys/compat/linux32/common/linux32_exec_elf32.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: linux32_exec_elf32.c,v 1.17 2014/02/23 16:07:40 njoly Exp $ */
/* $NetBSD: linux32_exec_elf32.c,v 1.18 2015/03/20 20:36:27 maxv Exp $ */

/*-
* Copyright (c) 1995, 1998, 2000, 2001,2006 The NetBSD Foundation, Inc.
Expand Down Expand Up @@ -31,7 +31,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: linux32_exec_elf32.c,v 1.17 2014/02/23 16:07:40 njoly Exp $");
__KERNEL_RCSID(0, "$NetBSD: linux32_exec_elf32.c,v 1.18 2015/03/20 20:36:27 maxv Exp $");

#define ELFSIZE 32

Expand Down Expand Up @@ -119,6 +119,8 @@ linux32_elf32_copyargs(struct lwp *l, struct exec_package *pack,

a = ai;

memset(ai, 0, sizeof(ai));

/*
* Push extra arguments on the stack needed by dynamically
* linked binaries and static binaries as well.
Expand Down
6 changes: 4 additions & 2 deletions sys/compat/netbsd32/netbsd32_exec_elf32.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: netbsd32_exec_elf32.c,v 1.38 2014/10/24 21:08:36 christos Exp $ */
/* $NetBSD: netbsd32_exec_elf32.c,v 1.39 2015/03/20 20:36:27 maxv Exp $ */
/* from: NetBSD: exec_aout.c,v 1.15 1996/09/26 23:34:46 cgd Exp */

/*
Expand Down Expand Up @@ -57,7 +57,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: netbsd32_exec_elf32.c,v 1.38 2014/10/24 21:08:36 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: netbsd32_exec_elf32.c,v 1.39 2015/03/20 20:36:27 maxv Exp $");

#define ELFSIZE 32

Expand Down Expand Up @@ -141,6 +141,8 @@ netbsd32_elf32_copyargs(struct lwp *l, struct exec_package *pack,

a = ai;

memset(ai, 0, sizeof(ai));

/*
* Push extra arguments on the stack needed by dynamically
* linked binaries
Expand Down
8 changes: 6 additions & 2 deletions sys/compat/svr4_32/svr4_32_exec_elf32.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: svr4_32_exec_elf32.c,v 1.23 2014/04/09 11:40:03 maxv Exp $ */
/* $NetBSD: svr4_32_exec_elf32.c,v 1.24 2015/03/20 20:36:27 maxv Exp $ */

/*-
* Copyright (c) 1994 The NetBSD Foundation, Inc.
Expand Down Expand Up @@ -30,7 +30,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: svr4_32_exec_elf32.c,v 1.23 2014/04/09 11:40:03 maxv Exp $");
__KERNEL_RCSID(0, "$NetBSD: svr4_32_exec_elf32.c,v 1.24 2015/03/20 20:36:27 maxv Exp $");

#define ELFSIZE 32 /* XXX should die */

Expand Down Expand Up @@ -81,6 +81,8 @@ svr4_32_copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *ar

a = ai;

memset(ai, 0, sizeof(ai));

/*
* Push extra arguments on the stack needed by dynamically
* linked binaries
Expand Down Expand Up @@ -200,6 +202,8 @@ svr4_32_copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *ar

a = ai;

memset(ai, 0, sizeof(ai));

/*
* Push extra arguments on the stack needed by dynamically
* linked binaries
Expand Down
6 changes: 4 additions & 2 deletions sys/kern/exec_elf.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: exec_elf.c,v 1.70 2014/08/17 23:03:58 chs Exp $ */
/* $NetBSD: exec_elf.c,v 1.71 2015/03/20 20:36:28 maxv Exp $ */

/*-
* Copyright (c) 1994, 2000, 2005 The NetBSD Foundation, Inc.
Expand Down Expand Up @@ -57,7 +57,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.70 2014/08/17 23:03:58 chs Exp $");
__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.71 2015/03/20 20:36:28 maxv Exp $");

#ifdef _KERNEL_OPT
#include "opt_pax.h"
Expand Down Expand Up @@ -178,6 +178,8 @@ elf_copyargs(struct lwp *l, struct exec_package *pack,
a = ai;
execname = NULL;

memset(ai, 0, sizeof(ai));

/*
* Push extra arguments on the stack needed by dynamically
* linked binaries
Expand Down

0 comments on commit 7325e85

Please sign in to comment.