[hardy CVE 1/1] net: tipc: fix information leak to userland
Andy Whitcroft
apw at canonical.com
Tue Feb 1 15:53:00 UTC 2011
From: Kulikov Vasiliy <segooon at gmail.com>
Structure sockaddr_tipc is copied to userland with padding bytes after
"id" field in union field "name" unitialized. It leads to leaking of
contents of kernel stack memory. We have to initialize them to zero.
Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
CVE-2010-3877
(backported from commit 88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52 upstream)
BugLink: http://bugs.launchpad.net/bugs/711291
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
net/tipc/socket.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 24ddfd2..a7be154 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -370,6 +370,7 @@ static int get_name(struct socket *sock, struct sockaddr *uaddr,
if (down_interruptible(&tsock->sem))
return -ERESTARTSYS;
+ memset(addr, 0, sizeof(*addr));
*uaddr_len = sizeof(*addr);
addr->addrtype = TIPC_ADDR_ID;
addr->family = AF_TIPC;
--
1.7.1
More information about the kernel-team
mailing list