[stable] Patch "net: ax25: fix information leak to userland" has been added to the 2.6.36-stable tree

Mon, 20 Dec 2010 11:55:49 -0800 

This is a note to let you know that I've just added the patch titled

    net: ax25: fix information leak to userland

to the 2.6.36-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-ax25-fix-information-leak-to-userland.patch
and it can be found in the queue-2.6.36 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From 1f61298146dfba86e2bfc915ed4a55268fe8fb9c Mon Sep 17 00:00:00 2001
From: Vasiliy Kulikov <[email protected]>
Date: Wed, 10 Nov 2010 10:14:33 -0800
Subject: net: ax25: fix information leak to userland


From: Vasiliy Kulikov <[email protected]>

[ Upstream commit fe10ae53384e48c51996941b7720ee16995cbcb7 ]

Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
field of fsa struct, also the struct has padding bytes between
sax25_call and sax25_ndigis fields.  This structure is then copied to
userland.  It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 net/ax25/af_ax25.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1392,6 +1392,7 @@ static int ax25_getname(struct socket *s
        ax25_cb *ax25;
        int err = 0;
 
+       memset(fsa, 0, sizeof(fsa));
        lock_sock(sk);
        ax25 = ax25_sk(sk);
 
@@ -1403,7 +1404,6 @@ static int ax25_getname(struct socket *s
 
                fsa->fsa_ax25.sax25_family = AF_AX25;
                fsa->fsa_ax25.sax25_call   = ax25->dest_addr;
-               fsa->fsa_ax25.sax25_ndigis = 0;
 
                if (ax25->digipeat != NULL) {
                        ndigi = ax25->digipeat->ndigi;


Patches currently in stable-queue which might be from [email protected] are

queue-2.6.36/net-ax25-fix-information-leak-to-userland.patch
queue-2.6.36/net-packet-fix-information-leak-to-userland.patch

_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable

Reply via email to