ACK: [CVE-2016-4485][Precise, Trusty, LTS-Utopic, Vivid, Wily, Xenial] net: fix infoleak in llc

Brad Figg brad.figg at canonical.com
Tue May 10 20:28:43 UTC 2016


On Tue, May 10, 2016 at 03:12:22PM +0100, Luis Henriques wrote:
> From: Kangjie Lu <kangjielu at gmail.com>
> 
> The stack object “info” has a total size of 12 bytes. Its last byte
> is padding which is not initialized and leaked via “put_cmsg”.
> 
> Signed-off-by: Kangjie Lu <kjlu at gatech.edu>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> (cherry picked from commit b8670c09f37bdf2847cc44f36511a53afc6161fd)
> CVE-2016-4485
> BugLink: https://bugs.launchpad.net/bugs/1578496
> Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
> ---
>  net/llc/af_llc.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
> index f432d7b6d93a..7752b2ffbc43 100644
> --- a/net/llc/af_llc.c
> +++ b/net/llc/af_llc.c
> @@ -627,6 +627,7 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
>  	if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
>  		struct llc_pktinfo info;
>  
> +		memset(&info, 0, sizeof(info));
>  		info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
>  		llc_pdu_decode_dsap(skb, &info.lpi_sap);
>  		llc_pdu_decode_da(skb, info.lpi_mac);
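Review bot: The `memset(&info, 0, sizeof(info));` added ahead of the `info.lpi_ifindex` store has no comment saying why it is there, and the three field stores that follow make it look redundant to a later reader. Per the commit message its job is to clear the struct's padding byte before the object is passed to put_cmsg; a one-line comment to that effect, for example `/* clear padding: info is copied out whole */`, would keep a future cleanup from dropping the memset or replacing it with field-by-field initialisation, which leaves the padding byte unset.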
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Looks good.

-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com
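
The padding leak described in the quoted commit message, reproduced in user space as an added example (not code from the patch or the kernel tree). `struct pktinfo` is a constructed stand-in that reuses the field names from the hunk with assumed types, the 0xAA fill stands in for stale stack contents, and the `memcpy` into `wire` stands in for the whole-struct copy to the receiver.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6    /* assumed hardware-address length */
#define STALE   0xAA /* constructed marker for leftover stack bytes */

/* Constructed stand-in: field names from the hunk, types assumed. */
struct pktinfo {
    int           lpi_ifindex;
    unsigned char lpi_sap;
    unsigned char lpi_mac[MAC_LEN];
};

/* Bytes after the last field that belong to no member. */
size_t padding_bytes(void)
{
    return sizeof(struct pktinfo) - (offsetof(struct pktinfo, lpi_mac) + MAC_LEN);
}

/* Fill the struct as the hunk does; clear_first selects the patched path. */
static void fill(struct pktinfo *info, int clear_first)
{
    static const unsigned char mac[MAC_LEN] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    memset(info, STALE, sizeof(*info));   /* simulate a dirty stack slot */
    if (clear_first)
        memset(info, 0, sizeof(*info));   /* the one-line fix */
    info->lpi_ifindex = 2;
    info->lpi_sap = 0x42;
    memcpy(info->lpi_mac, mac, MAC_LEN);
}

/* Count stale bytes that a whole-struct copy would carry to the receiver. */
size_t stale_bytes_copied(int clear_first)
{
    struct pktinfo info;
    unsigned char wire[sizeof(info)];
    size_t i, n = 0;
    fill(&info, clear_first);
    memcpy(wire, &info, sizeof(info));    /* stands in for the copy-out */
    for (i = sizeof(info) - padding_bytes(); i < sizeof(info); i++)
        n += (wire[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding=%zu unpatched=%zu patched=%zu\n", padding_bytes(), stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```

Setting every named field is not enough on its own: the byte that belongs to no field keeps whatever was in the stack slot unless the whole object is cleared first.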



