tnozaki / NetBSD / issues / #362 - N**BSD-SA2023-003 Structure padding memory disclosures — Bitbucket

Issue #362 resolved

Takehiko NOZAKI repo owner created an issue 2023-12-17

see https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-003.txt.asc

Comments (2)

Takehiko NOZAKI reporter
releng.netbsd.org/cgi-bin/req-8.cgi?show=1833
- 2023-12-17T06:56:45+00:00
Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#362~~ - N**BSD-SA2023-003 Structure padding memory disclosures see https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-003.txt.asc

patches are derived from:
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32.h.diff?r1=1.136&r2=1.137
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_conv.h.diff?r1=1.44&r2=1.45
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_fs.c.diff?r1=1.91&r2=1.92
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_netbsd.c.diff?r1=1.231&r2=1.232
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/compat/netbsd32/netbsd32_socket.c.diff?r1=1.55&r2=1.56 The read/write/send/recv system calls return ssize_t because -1 is returned on error. Therefore we must restrict the lengths of any buffers to NETBSD32_SSIZE_MAX with compat32 to avoid garbage return values.
  
  Fixes ATF lib/libc/sys/t_write:write_err.
→ <<cset 62d9addc5392>>
- 2023-12-18T08:23:36+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1