DragonFlyBSD Kernel Audit
DF-0006 / fix.diff
← back to finding ↓ download raw
diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 0000000..1111111 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -2911,6 +2911,20 @@
 		t = *tp;
 		if (t.t_dev)
 			t.t_dev = (cdev_t)(uintptr_t)devid_from_dev(t.t_dev);
+		/* Do not leak kernel pointers to userspace. */
+		bzero(&t.t_token, sizeof(t.t_token));
+		t.t_pgrp = NULL;
+		t.t_session = NULL;
+		t.t_sigio = NULL;
+		t.t_rawq.c_data = NULL;
+		t.t_canq.c_data = NULL;
+		t.t_outq.c_data = NULL;
+		t.t_oproc = NULL;
+		t.t_stop = NULL;
+		t.t_param = NULL;
+		t.t_unhold = NULL;
+		t.t_sc = NULL;
+		t.t_slsc = NULL;
 		error = SYSCTL_OUT(req, (caddr_t)&t, sizeof(t));
 		if (error)
 			break;