diff options
author | Mathias Krause <minipli@googlemail.com> | 2013-04-07 05:51:57 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-04-08 00:28:02 +0400 |
commit | 3ce5efad47b62c57a4f5c54248347085a750ce0e (patch) | |
tree | 6ea783a53cab3815f147b9ade4bda5b3ad09b177 /net/netlink/af_netlink.c | |
parent | c77a4b9cffb6215a15196ec499490d116dfad181 (diff) | |
download | linux-3ce5efad47b62c57a4f5c54248347085a750ce0e.tar.xz |
netrom: fix info leak via msg_name in nr_recvmsg()
In case msg_name is set the sockaddr info gets filled out, as
requested, but the code fails to initialize the padding bytes of
struct sockaddr_ax25 inserted by the compiler for alignment. Also
the sax25_ndigis member does not get assigned, leaking four more
bytes.
Both issues lead to the fact that the code will leak uninitialized
kernel stack bytes in net/socket.c.
Fix both issues by initializing the memory with memset(0).
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlink/af_netlink.c')
0 files changed, 0 insertions, 0 deletions