N**BSD-SA2023-003 Structure padding memory disclosures
Issue #362
resolved
Comments (2)
-
reporter -
reporter - changed status to resolved
BUGFIX: Issue
#362- N**BSD-SA2023-003 Structure padding memory disclosures see https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-003.txt.ascpatches are derived from:
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32.h.diff?r1=1.136&r2=1.137
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_conv.h.diff?r1=1.44&r2=1.45
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_fs.c.diff?r1=1.91&r2=1.92
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_netbsd.c.diff?r1=1.231&r2=1.232
-
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_socket.c.diff?r1=1.55&r2=1.56 The read/write/send/recv system calls return ssize_t because -1 is returned on error. Therefore we must restrict the lengths of any buffers to NETBSD32_SSIZE_MAX with compat32 to avoid garbage return values.
Fixes ATF lib/libc/sys/t_write:write_err.
→ <<cset 62d9addc5392>>
- Log in to comment
releng.netbsd.org/cgi-bin/req-8.cgi?show=1833