diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 0000000..1111111 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -2911,6 +2911,20 @@
 t = *tp;
 if (t.t_dev)
 t.t_dev = (cdev_t)(uintptr_t)devid_from_dev(t.t_dev);
+ /* Do not leak kernel pointers to userspace. */
+ bzero(&t.t_token, sizeof(t.t_token));
+ t.t_pgrp = NULL;
+ t.t_session = NULL;
+ t.t_sigio = NULL;
+ t.t_rawq.c_data = NULL;
+ t.t_canq.c_data = NULL;
+ t.t_outq.c_data = NULL;
+ t.t_oproc = NULL;
+ t.t_stop = NULL;
+ t.t_param = NULL;
+ t.t_unhold = NULL;
+ t.t_sc = NULL;
+ t.t_slsc = NULL;
 error = SYSCTL_OUT(req, (caddr_t)&t, sizeof(t));
 if (error)
 break;
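Review bot: The scrubbing added before `SYSCTL_OUT` is a deny-list applied to a whole-struct copy (`t = *tp`), so any pointer-bearing member of `struct tty` that is not named here still reaches userspace, and so does any pointer field added to the struct later. The struct definition is not visible in this hunk, so it is worth checking the list against the header, in particular embedded list linkage, any other members of the three queue structs besides `c_data`, and event/select bookkeeping, if present. A sturdier form would be to `bzero` the local `t` and copy in only the members that userland consumers read, which keeps the exported layout and also covers padding bytes. If the deny-list stays, I would extend the comment to something like `/* Do not leak kernel pointers to userspace: every pointer-bearing member of struct tty must be cleared here; update this list when the struct changes. */`. The enclosing loop and function begin and end outside the hunk.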