Information leak in tipc code: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3877
From: Kulikov Vasiliy <[email protected]> Date: Sun, 31 Oct 2010 07:10:32 +0000 Subject: [PATCH] net: tipc: fix information leak to userland
commit 88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52 upstream. Structure sockaddr_tipc is copied to userland with padding bytes after "id" field in union field "name" unitialized. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. Signed-off-by: Vasiliy Kulikov <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/tipc/socket.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 33217fc..e9f0d50 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -396,6 +396,7 @@ static int get_name(struct socket *sock, struct sockaddr *uaddr, struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr; struct tipc_sock *tsock = tipc_sk(sock->sk); + memset(addr, 0, sizeof(*addr)); if (peer) { if ((sock->state != SS_CONNECTED) && ((peer != 2) || (sock->state != SS_DISCONNECTING))) -- 1.7.3.4
_______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
