diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2009-08-07 00:27:04 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-08-10 08:45:32 +0400 |
commit | e84b90ae5eb3c112d1f208964df1d8156a538289 (patch) | |
tree | 3f02cd521e1c59292db7d1962e262048760411cf | |
parent | b79a79471bd31d737c939a6ddc347417047b4320 (diff) | |
download | linux-e84b90ae5eb3c112d1f208964df1d8156a538289.tar.xz |
can: Fix raw_getname() leak
raw_getname() can leak 10 bytes of kernel memory to user
(two bytes hole between can_family and can_ifindex,
8 bytes at the end of sockaddr_can structure)
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/can/raw.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/can/raw.c b/net/can/raw.c index f4cc44548bda..db3152df7d2b 100644 --- a/net/can/raw.c +++ b/net/can/raw.c @@ -401,6 +401,7 @@ static int raw_getname(struct socket *sock, struct sockaddr *uaddr, if (peer) return -EOPNOTSUPP; + memset(addr, 0, sizeof(*addr)); addr->can_family = AF_CAN; addr->can_ifindex = ro->ifindex; |