| From 88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52 Mon Sep 17 00:00:00 2001 |
| From: Kulikov Vasiliy <segooon@gmail.com> |
| Date: Sun, 31 Oct 2010 07:10:32 +0000 |
| Subject: net: tipc: fix information leak to userland |
| |
| From: Kulikov Vasiliy <segooon@gmail.com> |
| |
| commit 88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52 upstream. |
| |
| Structure sockaddr_tipc is copied to userland with the padding bytes after |
| the "id" field in the union field "name" uninitialized. This leaks the |
| contents of kernel stack memory. We have to initialize them to zero. |
| |
| Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Cc: Moritz Muehlenhoff <jmm@debian.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/tipc/socket.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/net/tipc/socket.c |
| +++ b/net/tipc/socket.c |
| @@ -395,6 +395,7 @@ static int get_name(struct socket *sock, |
| struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr; |
| struct tipc_sock *tsock = tipc_sk(sock->sk); |
| |
| + memset(addr, 0, sizeof(*addr)); |
| if (peer) { |
| if ((sock->state != SS_CONNECTED) && |
| ((peer != 2) || (sock->state != SS_DISCONNECTING))) |
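Review bot: The added `memset(addr, 0, sizeof(*addr));` has no comment saying why the whole structure is cleared, so a later cleanup could drop it as redundant with the field assignments that presumably follow further down in get_name. I would put `/* Zero the padding in the "name" union: this struct is copied to userland */` directly above it. The clear writes sizeof(struct sockaddr_tipc) bytes through the cast `uaddr` pointer, and the hunk does not show how large the caller's buffer is, so it is worth confirming that every caller of this getname handler supplies at least that much space. get_name's body starts and ends outside the hunk, so the assignments and the returned length could not be checked here.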