Skip to content

Commit

Permalink
net: tipc: fix information leak to userland
Browse files Browse the repository at this point in the history 
Structure sockaddr_tipc is copied to userland with padding bytes after
"id" field in union field "name" unitialized.  It leads to leaking of
contents of kernel stack memory.  We have to initialize them to zero.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Kulikov Vasiliy authored and David S. Miller committed Nov 9, 2010
1 parent ea80907 commit 88f8a5e
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/tipc/socket.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -396,6 +396,7 @@ static int get_name(struct socket *sock, struct sockaddr *uaddr,
struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr;
struct tipc_sock *tsock = tipc_sk(sock->sk);

memset(addr, 0, sizeof(*addr));
if (peer) {
if ((sock->state != SS_CONNECTED) &&
((peer != 2) || (sock->state != SS_DISCONNECTING)))
Expand Down

0 comments on commit 88f8a5e

Please sign in to comment.