K 10
svn:author
V 6
emaste
K 8
svn:date
V 27
2018-01-02T18:29:44.977811Z
K 7
svn:log
V 609
hpt27xx: plug info leak in hpt_ioctl

The hpt27xx ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27xx device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

Reported by:	Ilja van Sprundel <ivansprundel@ioactive.com>
Submitted by:	Domagoj Stolfa <domagoj.stolfa@gmail.com> (M_ZERO)
Reviewed by:	jhb, kib
MFC after:	3 days
Security:	info leak in root-only ioctl
Sponsored by:	The FreeBSD Foundation

END