11.1/releng-p4.diff - freebsd-patches - Rivoreo Source Code Repositories

 Index: UPDATING
 ===================================================================
 --- UPDATING	(版本 325325)
 +++ UPDATING	(版本 325875)
 @@ -16,6 +16,13 @@
  the tip of head, and then rebuild without this option. The bootstrap process
  from older version of current across the gcc/clang cutover is a bit fragile.

 +20171115	p3	FreeBSD-SA-17:08.ptrace
 +			FreeBSD-SA-17:10.kldstat
 +
 +	Fix ptrace(2) vulnerability. [SA-17:08.ptrace]
 +
 +	Fix kldstat(2) vulnerability. [SA-17:10.kldstat]
 +
  20171102	p3	FreeBSD-EN-17:09.tzdata

  	Update timezone database information. [EN-17:09]
 Index: sys/compat/freebsd32/freebsd32_misc.c
 ===================================================================
 --- sys/compat/freebsd32/freebsd32_misc.c	(版本 325325)
 +++ sys/compat/freebsd32/freebsd32_misc.c	(版本 325875)
 @@ -2950,8 +2950,8 @@
  int
  freebsd32_kldstat(struct thread *td, struct freebsd32_kldstat_args *uap)
  {
 -	struct kld_file_stat stat;
 -	struct kld32_file_stat stat32;
 +	struct kld_file_stat *stat;
 +	struct kld32_file_stat *stat32;
  	int error, version;

  	if ((error = copyin(&uap->stat->version, &version, sizeof(version)))
 @@ -2961,17 +2961,22 @@
  	    version != sizeof(struct kld32_file_stat))
  		return (EINVAL);

 -	error = kern_kldstat(td, uap->fileid, &stat);
 -	if (error != 0)
 -		return (error);
 -
 -	bcopy(&stat.name[0], &stat32.name[0], sizeof(stat.name));
 -	CP(stat, stat32, refs);
 -	CP(stat, stat32, id);
 -	PTROUT_CP(stat, stat32, address);
 -	CP(stat, stat32, size);
 -	bcopy(&stat.pathname[0], &stat32.pathname[0], sizeof(stat.pathname));
 -	return (copyout(&stat32, uap->stat, version));
 +	stat = malloc(sizeof(*stat), M_TEMP, M_WAITOK | M_ZERO);
 +	stat32 = malloc(sizeof(*stat32), M_TEMP, M_WAITOK | M_ZERO);
 +	error = kern_kldstat(td, uap->fileid, stat);
 +	if (error == 0) {
 +		bcopy(&stat->name[0], &stat32->name[0], sizeof(stat->name));
 +		CP(*stat, *stat32, refs);
 +		CP(*stat, *stat32, id);
 +		PTROUT_CP(*stat, *stat32, address);
 +		CP(*stat, *stat32, size);
 +		bcopy(&stat->pathname[0], &stat32->pathname[0],
 +		    sizeof(stat->pathname));
 +		error = copyout(stat32, uap->stat, version);
 +	}
 +	free(stat, M_TEMP);
 +	free(stat32, M_TEMP);
 +	return (error);
  }

  int
 Index: sys/conf/newvers.sh
 ===================================================================
 --- sys/conf/newvers.sh	(版本 325325)
 +++ sys/conf/newvers.sh	(版本 325875)
 @@ -44,7 +44,7 @@

  TYPE="FreeBSD"
  REVISION="11.1"
 -BRANCH="RELEASE-p3"
 +BRANCH="RELEASE-p4"
  if [ -n "${BRANCH_OVERRIDE}" ]; then
  	BRANCH=${BRANCH_OVERRIDE}
  fi
 Index: sys/kern/kern_linker.c
 ===================================================================
 --- sys/kern/kern_linker.c	(版本 325325)
 +++ sys/kern/kern_linker.c	(版本 325875)
 @@ -1201,7 +1201,7 @@
  int
  sys_kldstat(struct thread *td, struct kldstat_args *uap)
  {
 -	struct kld_file_stat stat;
 +	struct kld_file_stat *stat;
  	int error, version;

  	/*
 @@ -1214,10 +1214,12 @@
  	    version != sizeof(struct kld_file_stat))
  		return (EINVAL);

 -	error = kern_kldstat(td, uap->fileid, &stat);
 -	if (error != 0)
 -		return (error);
 -	return (copyout(&stat, uap->stat, version));
 +	stat = malloc(sizeof(*stat), M_TEMP, M_WAITOK | M_ZERO);
 +	error = kern_kldstat(td, uap->fileid, stat);
 +	if (error == 0)
 +		error = copyout(stat, uap->stat, version);
 +	free(stat, M_TEMP);
 +	return (error);
  }

  int
 Index: sys/kern/sys_process.c
 ===================================================================
 --- sys/kern/sys_process.c	(版本 325325)
 +++ sys/kern/sys_process.c	(版本 325875)
 @@ -518,6 +518,7 @@
      struct ptrace_lwpinfo32 *pl32)
  {

 +	bzero(pl32, sizeof(*pl32));
  	pl32->pl_lwpid = pl->pl_lwpid;
  	pl32->pl_event = pl->pl_event;
  	pl32->pl_flags = pl->pl_flags;
 @@ -1301,6 +1302,7 @@
  		} else
  #endif
  		pl = addr;
 +		bzero(pl, sizeof(*pl));
  		pl->pl_lwpid = td2->td_tid;
  		pl->pl_event = PL_EVENT_NONE;
  		pl->pl_flags = 0;
 @@ -1321,8 +1323,6 @@
  				pl->pl_siginfo = td2->td_dbgksi.ksi_info;
  			}
  		}
 -		if ((pl->pl_flags & PL_FLAG_SI) == 0)
 -			bzero(&pl->pl_siginfo, sizeof(pl->pl_siginfo));
  		if (td2->td_dbgflags & TDB_SCE)
  			pl->pl_flags |= PL_FLAG_SCE;
  		else if (td2->td_dbgflags & TDB_SCX)
	Index: UPDATING
	===================================================================
	--- UPDATING (版本 325325)
	+++ UPDATING (版本 325875)
	@@ -16,6 +16,13 @@
	the tip of head, and then rebuild without this option. The bootstrap process
	from older version of current across the gcc/clang cutover is a bit fragile.

	+20171115 p3 FreeBSD-SA-17:08.ptrace
	+ FreeBSD-SA-17:10.kldstat
	+
	+ Fix ptrace(2) vulnerability. [SA-17:08.ptrace]
	+
	+ Fix kldstat(2) vulnerability. [SA-17:10.kldstat]
	+
	20171102 p3 FreeBSD-EN-17:09.tzdata

	Update timezone database information. [EN-17:09]
	Index: sys/compat/freebsd32/freebsd32_misc.c
	===================================================================
	--- sys/compat/freebsd32/freebsd32_misc.c (版本 325325)
	+++ sys/compat/freebsd32/freebsd32_misc.c (版本 325875)
	@@ -2950,8 +2950,8 @@
	int
	freebsd32_kldstat(struct thread td, struct freebsd32_kldstat_args uap)
	{
	- struct kld_file_stat stat;
	- struct kld32_file_stat stat32;
	+ struct kld_file_stat *stat;
	+ struct kld32_file_stat *stat32;
	int error, version;

	if ((error = copyin(&uap->stat->version, &version, sizeof(version)))
	@@ -2961,17 +2961,22 @@
	version != sizeof(struct kld32_file_stat))
	return (EINVAL);

	- error = kern_kldstat(td, uap->fileid, &stat);
	- if (error != 0)
	- return (error);
	-
	- bcopy(&stat.name[0], &stat32.name[0], sizeof(stat.name));
	- CP(stat, stat32, refs);
	- CP(stat, stat32, id);
	- PTROUT_CP(stat, stat32, address);
	- CP(stat, stat32, size);
	- bcopy(&stat.pathname[0], &stat32.pathname[0], sizeof(stat.pathname));
	- return (copyout(&stat32, uap->stat, version));
	+ stat = malloc(sizeof(*stat), M_TEMP, M_WAITOK \| M_ZERO);
	+ stat32 = malloc(sizeof(*stat32), M_TEMP, M_WAITOK \| M_ZERO);
	+ error = kern_kldstat(td, uap->fileid, stat);
	+ if (error == 0) {
	+ bcopy(&stat->name[0], &stat32->name[0], sizeof(stat->name));
	+ CP(stat, stat32, refs);
	+ CP(stat, stat32, id);
	+ PTROUT_CP(stat, stat32, address);
	+ CP(stat, stat32, size);
	+ bcopy(&stat->pathname[0], &stat32->pathname[0],
	+ sizeof(stat->pathname));
	+ error = copyout(stat32, uap->stat, version);
	+ }
	+ free(stat, M_TEMP);
	+ free(stat32, M_TEMP);
	+ return (error);
	}

	int
	Index: sys/conf/newvers.sh
	===================================================================
	--- sys/conf/newvers.sh (版本 325325)
	+++ sys/conf/newvers.sh (版本 325875)
	@@ -44,7 +44,7 @@

	TYPE="FreeBSD"
	REVISION="11.1"
	-BRANCH="RELEASE-p3"
	+BRANCH="RELEASE-p4"
	if [ -n "${BRANCH_OVERRIDE}" ]; then
	BRANCH=${BRANCH_OVERRIDE}
	fi
	Index: sys/kern/kern_linker.c
	===================================================================
	--- sys/kern/kern_linker.c (版本 325325)
	+++ sys/kern/kern_linker.c (版本 325875)
	@@ -1201,7 +1201,7 @@
	int
	sys_kldstat(struct thread td, struct kldstat_args uap)
	{
	- struct kld_file_stat stat;
	+ struct kld_file_stat *stat;
	int error, version;

	/*
	@@ -1214,10 +1214,12 @@
	version != sizeof(struct kld_file_stat))
	return (EINVAL);

	- error = kern_kldstat(td, uap->fileid, &stat);
	- if (error != 0)
	- return (error);
	- return (copyout(&stat, uap->stat, version));
	+ stat = malloc(sizeof(*stat), M_TEMP, M_WAITOK \| M_ZERO);
	+ error = kern_kldstat(td, uap->fileid, stat);
	+ if (error == 0)
	+ error = copyout(stat, uap->stat, version);
	+ free(stat, M_TEMP);
	+ return (error);
	}

	int
	Index: sys/kern/sys_process.c
	===================================================================
	--- sys/kern/sys_process.c (版本 325325)
	+++ sys/kern/sys_process.c (版本 325875)
	@@ -518,6 +518,7 @@
	struct ptrace_lwpinfo32 *pl32)
	{

	+ bzero(pl32, sizeof(*pl32));
	pl32->pl_lwpid = pl->pl_lwpid;
	pl32->pl_event = pl->pl_event;
	pl32->pl_flags = pl->pl_flags;
	@@ -1301,6 +1302,7 @@
	} else
	#endif
	pl = addr;
	+ bzero(pl, sizeof(*pl));
	pl->pl_lwpid = td2->td_tid;
	pl->pl_event = PL_EVENT_NONE;
	pl->pl_flags = 0;
	@@ -1321,8 +1323,6 @@
	pl->pl_siginfo = td2->td_dbgksi.ksi_info;
	}
	}
	- if ((pl->pl_flags & PL_FLAG_SI) == 0)
	- bzero(&pl->pl_siginfo, sizeof(pl->pl_siginfo));
	if (td2->td_dbgflags & TDB_SCE)
	pl->pl_flags \|= PL_FLAG_SCE;
	else if (td2->td_dbgflags & TDB_SCX)