From patchwork Sat Oct 30 14:26:40 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kulikov Vasiliy
X-Patchwork-Id: 69662
X-Patchwork-Delegate: davem@davemloft.net
From: Vasiliy Kulikov
To: kernel-janitors@vger.kernel.org
Cc: "David S. Miller" , Eric Dumazet , "Eric W. Biederman" , Herbert Xu , "Paul E. McKenney" , netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] net: core: sock: fix information leak to userland
Date: Sat, 30 Oct 2010 18:26:40 +0400
Message-Id: <1288448801-6303-1-git-send-email-segooon@gmail.com>
X-Mailer: git-send-email 1.7.0.4
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org

"Address" variable might be not fully initialized in sock->ops->get_name(). The only current implementation is get_name(), it leaves some padding fields of sockaddr_tipc uninitialized. It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov
---
 Compile tested.

net/core/sock.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/core/sock.c b/net/core/sock.c index 3eed542..759dd81 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -930,6 +930,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, { char address[128]; + memset(&address, 0, sizeof(address)); if (sock->ops->getname(sock, (struct sockaddr *)address, &lv, 2)) return -ENOTCONN; if (lv < len)
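
Review bot: zeroing the buffer in sock_getsockopt() covers only this caller of sock->ops->getname(), while the commit message locates the defect in the getname implementation that leaves sockaddr_tipc padding unset. Any other path that calls ->getname and copies the result to userland would still depend on the callee, so consider also clearing the structure in that implementation, or state in the commit message why the caller is the right place for the fix. Style point on the added line: `address` is an array, so `memset(address, 0, sizeof(address))` matches the `(struct sockaddr *)address` cast on the following line better than `&address`. The commit message also writes get_name() where the code calls getname, and "The only current implementation is get_name()" does not say which protocol's implementation is meant; naming it would make the changelog checkable.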