Thread: 3 messages, 2 authors, 2010-10-30

Re: [PATCH] net: core: sock: fix information leak to userland

From: Eric Dumazet <hidden>
Date: 2010-10-30 14:36:04
Also in: kernel-janitors, lkml

On Saturday 30 October 2010 at 18:26 +0400, Vasiliy Kulikov wrote:
"Address" variable might be not fully initialized in sock->ops->get_name().
The only current implementation is get_name(), it leaves some padding
fields of sockaddr_tipc uninitialized.  It leads to leaking of contents
of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <redacted>
---
 Compile tested.

 net/core/sock.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 3eed542..759dd81 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -930,6 +930,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
 	{
 		char address[128];
 
+		memset(&address, 0, sizeof(address));
 		if (sock->ops->getname(sock, (struct sockaddr *)address, &lv, 2))
 			return -ENOTCONN;
 		if (lv < len)
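
Review bot: the added memset() clears the buffer only in this sock_getsockopt() caller, while the commit message places the uninitialized padding in the ->getname() implementation that fills sockaddr_tipc; zeroing the structure inside that implementation before the fields are set would cover every caller of getname, not just this path. If the memset stays here, memset(address, 0, sizeof(address)) is the usual form for an array (the & is redundant), and the commit message should say getname rather than get_name() to match the call in the hunk.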
???

Please fix the real bug.
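
The mechanism the quoted commit message describes (a callee assigns a structure's members, leaves its padding alone, and the caller copies the whole buffer out), as an added example that is not part of the thread or of the kernel source. `struct demo_addr`, the `getname_*` functions and the 0xAA marker are hypothetical stand-ins, not the real sockaddr_tipc layout or kernel API; the code compares zeroing in the caller, as the patch does, with zeroing in the callee.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old stack contents */
/* Hypothetical address structure; not the real sockaddr_tipc layout. */
struct demo_addr {
    uint16_t family; /* alignment padding follows */
    uint32_t ref;
    uint8_t scope;   /* tail padding follows */
};

/* Callee that assigns every member and never touches the padding.
 * Returns the address length, i.e. the byte count the caller copies out. */
static size_t getname_fields_only(struct demo_addr *a)
{
    a->family = 30;
    a->ref = 0x11223344;
    a->scope = 2;
    return sizeof(*a);
}

/* Callee that clears the whole structure before filling it. */
static size_t getname_zeroed(struct demo_addr *a)
{
    memset(a, 0, sizeof(*a));
    return getname_fields_only(a);
}

/* Caller modelled on the hunk: counts stale bytes in what would be copied out. */
static size_t leaked_bytes(size_t (*getname)(struct demo_addr *), int caller_memset)
{
    struct demo_addr address;
    const unsigned char *p = (const unsigned char *)&address;
    size_t i, lv, stale = 0;
    memset(&address, STALE, sizeof(address)); /* simulate old stack data */
    if (caller_memset)
        memset(&address, 0, sizeof(address)); /* zero in the caller, as the patch does */
    lv = getname(&address);
    for (i = 0; i < lv; i++)
        stale += (p[i] == STALE);
    return stale;
}

int main(void)
{
    printf("none=%zu caller=%zu callee=%zu\n", leaked_bytes(getname_fields_only, 0),
           leaked_bytes(getname_fields_only, 1), leaked_bytes(getname_zeroed, 0));
    return 0;
}
```

The caller-side memset only protects callers that remember to do it; the zeroing callee returns clean padding to any caller.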