From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vlad Tsyrklevich <vlad@tsyrklevich.net>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <alexander.levin@verizon.com>
Subject: [PATCH 3.18 11/26] net/appletalk: Fix kernel memory disclosure
Date: Thu, 7 Dec 2017 13:48:24 +0100 [thread overview]
Message-ID: <20171207124656.149777395@linuxfoundation.org> (raw)
In-Reply-To: <20171207124654.669583826@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Tsyrklevich <vlad@tsyrklevich.net>
[ Upstream commit ce7e40c432ba84da104438f6799d460a4cad41bc ]
ipddp_route structs contain alignment padding so kernel heap memory
is leaked when they are copied to user space in
ipddp_ioctl(SIOCFINDIPDDPRT). Change kmalloc() to kzalloc() to clear
that memory.
Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/appletalk/ipddp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/appletalk/ipddp.c
+++ b/drivers/net/appletalk/ipddp.c
@@ -191,7 +191,7 @@ static netdev_tx_t ipddp_xmit(struct sk_
*/
static int ipddp_create(struct ipddp_route *new_rt)
{
- struct ipddp_route *rt = kmalloc(sizeof(*rt), GFP_KERNEL);
+ struct ipddp_route *rt = kzalloc(sizeof(*rt), GFP_KERNEL);
if (rt == NULL)
return -ENOMEM;
next prev parent reply other threads:[~2017-12-07 12:48 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-07 12:48 [PATCH 3.18 00/26] 3.18.87-stable review Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 01/26] bcache: only permit to recovery read error when cache device is clean Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 02/26] bcache: recover data from backing when data " Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 03/26] serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 04/26] spi: sh-msiof: Fix DMA transfer size check Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 05/26] EDAC, sb_edac: Fix missing break in switch Greg Kroah-Hartman
2017-12-07 12:48 ` [3.18,05/26] " Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 06/26] sysrq : fix Show Regs call trace on ARM Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 07/26] usbip: tools: Install all headers needed for libusbip development Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 08/26] perf test attr: Fix ignored test case result Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 09/26] ARM: OMAP1: DMA: Correct the number of logical channels Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 10/26] vti6: fix device register to report IFLA_INFO_KIND Greg Kroah-Hartman
2017-12-07 12:48 ` Greg Kroah-Hartman [this message]
2017-12-07 12:48 ` [PATCH 3.18 12/26] nfs: Dont take a reference on fl->fl_file for LOCK operation Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 13/26] NFSv4: Fix client recovery when server reboots multiple times Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 14/26] net: sctp: fix array overrun read on sctp_timer_tbl Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 15/26] tipc: fix cleanup at module unload Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 16/26] mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 17/26] net: fec: fix multicast filtering hardware setup Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 18/26] ima: fix hash algorithm initialization Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 19/26] uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 20/26] usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 21/26] serial: 8250_pci: Add Amazon PCI serial device ID Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 22/26] usb: hub: Cycle HUB power when initialization fails Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 23/26] USB: Increase usbfs transfer limit Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 24/26] USB: devio: Prevent integer overflow in proc_do_submiturb() Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 25/26] USB: usbfs: Filter flags passed in from user space Greg Kroah-Hartman
2017-12-07 12:48 ` [PATCH 3.18 26/26] usb: host: fix incorrect updating of offset Greg Kroah-Hartman
2017-12-07 20:54 ` [PATCH 3.18 00/26] 3.18.87-stable review Guenter Roeck
2017-12-08 0:06 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171207124656.149777395@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@verizon.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vlad@tsyrklevich.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.