* [patch] netrom: info leak in ->getname()
@ 2013-04-23 6:22 Dan Carpenter
2013-04-23 8:52 ` Ralf Baechle
2013-04-25 5:48 ` [patch] netrom: info leak in ->getname() David Miller
0 siblings, 2 replies; 4+ messages in thread
From: Dan Carpenter @ 2013-04-23 6:22 UTC (permalink / raw)
To: Ralf Baechle; +Cc: David S. Miller, linux-hams, netdev, kernel-janitors
The sockaddr_ax25 struct has a 3 byte hole between ->sax25_call and
->sax25_ndigis. I've added a memset to avoid leaking uninitialized
stack data to userspace.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 103bd70..ec0c80f 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -834,6 +834,8 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
struct sock *sk = sock->sk;
struct nr_sock *nr = nr_sk(sk);
+ memset(&sax->fsa_ax25, 0, sizeof(struct sockaddr_ax25));
+
lock_sock(sk);
if (peer != 0) {
if (sk->sk_state != TCP_ESTABLISHED) {
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [patch] netrom: info leak in ->getname()
2013-04-23 6:22 [patch] netrom: info leak in ->getname() Dan Carpenter
@ 2013-04-23 8:52 ` Ralf Baechle
2013-07-06 6:53 ` linux-ax25 seems to be having problems Cathryn Mataga
2013-04-25 5:48 ` [patch] netrom: info leak in ->getname() David Miller
1 sibling, 1 reply; 4+ messages in thread
From: Ralf Baechle @ 2013-04-23 8:52 UTC (permalink / raw)
To: Dan Carpenter; +Cc: David S. Miller, linux-hams, netdev, kernel-janitors
On Tue, Apr 23, 2013 at 09:22:51AM +0300, Dan Carpenter wrote:
> The sockaddr_ax25 struct has a 3 byte hole between ->sax25_call and
> ->sax25_ndigis. I've added a memset to avoid leaking uninitialized
> stack data to userspace.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
> index 103bd70..ec0c80f 100644
> --- a/net/netrom/af_netrom.c
> +++ b/net/netrom/af_netrom.c
> @@ -834,6 +834,8 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
> struct sock *sk = sock->sk;
> struct nr_sock *nr = nr_sk(sk);
>
> + memset(&sax->fsa_ax25, 0, sizeof(struct sockaddr_ax25));
> +
> lock_sock(sk);
> if (peer != 0) {
> if (sk->sk_state != TCP_ESTABLISHED) {
Good catch.
Acked-by: Ralf Baechle <ralf@linux-mips.org>
Ralf
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] netrom: info leak in ->getname()
2013-04-23 6:22 [patch] netrom: info leak in ->getname() Dan Carpenter
2013-04-23 8:52 ` Ralf Baechle
@ 2013-04-25 5:48 ` David Miller
1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2013-04-25 5:48 UTC (permalink / raw)
To: dan.carpenter; +Cc: ralf, linux-hams, netdev, kernel-janitors
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 23 Apr 2013 09:22:51 +0300
> The sockaddr_ax25 struct has a 3 byte hole between ->sax25_call and
> ->sax25_ndigis. I've added a memset to avoid leaking uninitialized
> stack data to userspace.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Applied.
^ permalink raw reply [flat|nested] 4+ messages in thread
* linux-ax25 seems to be having problems.
2013-04-23 8:52 ` Ralf Baechle
@ 2013-07-06 6:53 ` Cathryn Mataga
0 siblings, 0 replies; 4+ messages in thread
From: Cathryn Mataga @ 2013-07-06 6:53 UTC (permalink / raw)
To: Ralf Baechle; +Cc: netdev, kernel-janitors
"Sorry! This site is experiencing technical difficulties." It says. I
think maybe it needs a kick.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-07-06 6:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-04-23 6:22 [patch] netrom: info leak in ->getname() Dan Carpenter
2013-04-23 8:52 ` Ralf Baechle
2013-07-06 6:53 ` linux-ax25 seems to be having problems Cathryn Mataga
2013-04-25 5:48 ` [patch] netrom: info leak in ->getname() David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).