Message ID | 20200814110428.405051-2-mkl@pengutronix.de |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [1/6] can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can() | expand |
On Fri, Aug 14, 2020 at 6:20 AM Alexander Potapenko <glider@google.com> wrote: > > > > On Fri, Aug 14, 2020, 13:04 Marc Kleine-Budde <mkl@pengutronix.de> wrote: >> >> From: Eric Dumazet <edumazet@google.com> >> net/can/j1939/socket.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c >> index 78ff9b3f1d40..b634b680177f 100644 >> --- a/net/can/j1939/socket.c >> +++ b/net/can/j1939/socket.c >> @@ -553,6 +553,11 @@ static int j1939_sk_connect(struct socket *sock, struct sockaddr *uaddr, >> static void j1939_sk_sock2sockaddr_can(struct sockaddr_can *addr, >> const struct j1939_sock *jsk, int peer) >> { >> + /* There are two holes (2 bytes and 3 bytes) to clear to avoid >> + * leaking kernel information to user space. >> + */ > > > Do we want to keep these "2 bytes and 3 bytes' in sync with the struct layout in the future? Maybe it's not worth it to mention the exact sizes? struct is uapi, you will have a hard time trying to use these holes, since old kernels were sending crap/garbage/passwords ;)
diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c index 78ff9b3f1d40..b634b680177f 100644 --- a/net/can/j1939/socket.c +++ b/net/can/j1939/socket.c @@ -553,6 +553,11 @@ static int j1939_sk_connect(struct socket *sock, struct sockaddr *uaddr, static void j1939_sk_sock2sockaddr_can(struct sockaddr_can *addr, const struct j1939_sock *jsk, int peer) { + /* There are two holes (2 bytes and 3 bytes) to clear to avoid + * leaking kernel information to user space. + */ + memset(addr, 0, J1939_MIN_NAMELEN); + addr->can_family = AF_CAN; addr->can_ifindex = jsk->ifindex; addr->can_addr.j1939.pgn = jsk->addr.pgn;