K 10
svn:author
V 6
emaste
K 8
svn:date
V 27
2018-01-05T16:04:56.550608Z
K 7
svn:log
V 1111
MFC r327497, r327498: fix memory disclosure in hpt* ioctls

r327497: hpt27xx: plug info leak in hpt_ioctl

The hpt27xx ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27xx device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

Reported by:  Ilja van Sprundel <ivansprundel@ioactive.com>
Submitted by: Domagoj Stolfa <domagoj.stolfa@gmail.com> (M_ZERO)

r327498: hpt{nr,rr}: plug info leak in hpt_ioctl

The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27{nr,rr} device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

The same issue was reported in the hpt27xx driver by Ilja Van Sprundel.

Security:	memory disclosure in root-only ioctls
Sponsored by:	The FreeBSD Foundation

END