* [PATCH] net/sctp: use memset avoid infoleaks
@ 2022-03-01 8:18 cgel.zte
2022-03-03 6:18 ` Jakub Kicinski
0 siblings, 1 reply; 2+ messages in thread
From: cgel.zte @ 2022-03-01 8:18 UTC (permalink / raw)
To: vyasevich
Cc: nhorman, marcelo.leitner, davem, kuba, linux-sctp, netdev,
linux-kernel, Minghao Chi, Zeal Robot
From: Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn>
Use memset to initialize structs to preventing infoleaks
in sctp_auth_chunk_verify
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn>
---
net/sctp/sm_statefuns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index cc544a97c4af..7ff16d12e0c5 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -652,6 +652,7 @@ static bool sctp_auth_chunk_verify(struct net *net, struct sctp_chunk *chunk,
return false;
/* set-up our fake chunk so that we can process it */
+ memset(&auth, 0x0, sizeof(auth));
auth.skb = chunk->auth_chunk;
auth.asoc = chunk->asoc;
auth.sctp_hdr = chunk->sctp_hdr;
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] net/sctp: use memset avoid infoleaks
2022-03-01 8:18 [PATCH] net/sctp: use memset avoid infoleaks cgel.zte
@ 2022-03-03 6:18 ` Jakub Kicinski
0 siblings, 0 replies; 2+ messages in thread
From: Jakub Kicinski @ 2022-03-03 6:18 UTC (permalink / raw)
To: cgel.zte
Cc: vyasevich, nhorman, marcelo.leitner, davem, linux-sctp, netdev,
linux-kernel, Minghao Chi, Zeal Robot
On Tue, 1 Mar 2022 08:18:55 +0000 cgel.zte@gmail.com wrote:
> From: Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn>
>
> Use memset to initialize structs to preventing infoleaks
> in sctp_auth_chunk_verify
Please explain where it's leaked to. Looks like a parameter structure
that's used by the called but not copied anywhere.
> diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
> index cc544a97c4af..7ff16d12e0c5 100644
> --- a/net/sctp/sm_statefuns.c
> +++ b/net/sctp/sm_statefuns.c
> @@ -652,6 +652,7 @@ static bool sctp_auth_chunk_verify(struct net *net, struct sctp_chunk *chunk,
> return false;
>
> /* set-up our fake chunk so that we can process it */
> + memset(&auth, 0x0, sizeof(auth));
> auth.skb = chunk->auth_chunk;
> auth.asoc = chunk->asoc;
> auth.sctp_hdr = chunk->sctp_hdr;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-03-03 6:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-01 8:18 [PATCH] net/sctp: use memset avoid infoleaks cgel.zte
2022-03-03 6:18 ` Jakub Kicinski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).