From patchwork Sun Dec 26 16:54:53 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Rosenberg X-Patchwork-Id: 76716 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id B6EB3B6EDF for ; Mon, 27 Dec 2010 03:55:24 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752377Ab0LZQzT (ORCPT ); Sun, 26 Dec 2010 11:55:19 -0500 Received: from mx1.vsecurity.com ([209.67.252.12]:51082 "EHLO mx1.vsecurity.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752358Ab0LZQzS (ORCPT ); Sun, 26 Dec 2010 11:55:18 -0500 Received: (qmail 57331 invoked from network); 26 Dec 2010 16:55:17 -0000 Received: from c-98-229-66-118.hsd1.ma.comcast.net (HELO [192.168.1.109]) (drosenbe@[98.229.66.118]) (envelope-sender ) by mx1.vsecurity.com (qmail-ldap-1.03) with SMTP for ; 26 Dec 2010 16:55:17 -0000 Subject: [PATCH v2] CAN: Use inode instead of kernel address for /proc file From: Dan Rosenberg To: Oliver Hartkopp , Urs Thuermann , "David S. Miller" Cc: netdev@vger.kernel.org, security@kernel.org Date: Sun, 26 Dec 2010 11:54:53 -0500 Message-ID: <1293382493.9764.54.camel@Dan> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Since the socket address is just being used as a unique identifier, its inode number is an alternative that does not leak potentially sensitive information. CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue. Signed-off-by: Dan Rosenberg Cc: stable Acked-by: Oliver Hartkopp --- net/can/bcm.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/can/bcm.c b/net/can/bcm.c index 6faa825..bc51b56 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c @@ -125,7 +125,7 @@ struct bcm_sock { struct list_head tx_ops; unsigned long dropped_usr_msgs; struct proc_dir_entry *bcm_proc_read; - char procname [20]; /* pointer printed in ASCII with \0 */ + char procname [32]; /* inode number in decimal with \0 */ }; static inline struct bcm_sock *bcm_sk(const struct sock *sk) @@ -1521,7 +1521,7 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, if (proc_dir) { /* unique socket address as filename */ - sprintf(bo->procname, "%p", sock); + sprintf(bo->procname, "%lu", sock_i_ino(sk)); bo->bcm_proc_read = proc_create_data(bo->procname, 0644, proc_dir, &bcm_proc_fops, sk);