From 737a11389ccd741b581f35ff79e3ec159eb09764 Mon Sep 17 00:00:00 2001 From: Brian Gianforcaro Date: Wed, 29 Dec 2021 02:54:25 -0800 Subject: [PATCH] Kernel: Fix info leak from `sockaddr_un` in socket syscalls In `sys$accept4()` and `get_sock_or_peer_name()` we were not initializing the padding of the `sockaddr_un` struct, leading to an kernel information leak if the caller looked back at it's contents. Before Fix: 37.766 Clipboard(11:11): accept4 Bytes: 2f746d702f706f7274616c2f636c6970626f61726440eac130e7fbc1e8abbfc 19c10ffc18440eac15485bcc130e7fbc1549feaca6c9deaca549feaca1bb0bc 03efdf62c0e056eac1b402d7acd010ffc14602000001b0bc030100000050bf0 5c24602000001e7fbc1b402d7ac6bdc After Fix: 0.603 Clipboard(11:11): accept4 Bytes: 2f746d702f706f7274616c2f636c6970626f617264000000000000000000000 000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000 --- Kernel/Syscalls/socket.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Kernel/Syscalls/socket.cpp b/Kernel/Syscalls/socket.cpp index b7cd325d53..16cc1580c0 100644 --- a/Kernel/Syscalls/socket.cpp +++ b/Kernel/Syscalls/socket.cpp @@ -108,7 +108,7 @@ ErrorOr Process::sys$accept4(Userspace(address_size)); accepted_socket->get_peer_address((sockaddr*)&address_buffer, &address_size); TRY(copy_to_user(user_address, &address_buffer, address_size)); @@ -266,7 +266,7 @@ ErrorOr Process::get_sock_or_peer_name(const Params& params) auto& socket = *description->socket(); REQUIRE_PROMISE_FOR_SOCKET_DOMAIN(socket.domain()); - sockaddr_un address_buffer; + sockaddr_un address_buffer {}; addrlen_value = min(sizeof(sockaddr_un), static_cast(addrlen_value)); if constexpr (sockname) socket.get_local_address((sockaddr*)&address_buffer, &addrlen_value);
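Review bot: The `sockaddr_un address_buffer {};` declaration in `get_sock_or_peer_name()` has no comment saying that the empty initializer is what keeps stale kernel stack bytes out of the data returned to the caller, so a later cleanup could drop it and reintroduce the leak. The same holds for the declaration in `sys$accept4()`, whose changed lines are not legible in this copy of the patch. I would add `// Zero-initialize: bytes the socket does not fill in are still copied to userspace.` above both declarations. Both function bodies start and end outside their hunks, so whether the copy length could instead be narrowed to the bytes actually written cannot be judged from here. A regression test that calls `accept4` on a local socket and asserts that the bytes after the path are zero, as in the "After Fix" dump, would pin the behaviour.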