diff options
| author | Mathias Krause <minipli@googlemail.com> | 2013-09-30 16:05:40 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-11-04 07:31:02 -0500 |
| commit | 39283085a92262f9446b95d36df9724902b7579a (patch) | |
| tree | c416c8b00c519e8ded53981fc5d398ade745d5c2 | |
| parent | 3a26736015acfc8745db623efa7f57bc982ed516 (diff) | |
unix_diag: fix info leak
[ Upstream commit 6865d1e834be84ddd5808d93d5035b492346c64a ]
When filling the netlink message we miss to wipe the pad field,
therefore leak one byte of heap memory to userland. Fix this by
setting pad to 0.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | net/unix/diag.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/unix/diag.c b/net/unix/diag.c index d591091603bf..86fa0f3b2caf 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c | |||
| @@ -124,6 +124,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r | |||
| 124 | rep->udiag_family = AF_UNIX; | 124 | rep->udiag_family = AF_UNIX; |
| 125 | rep->udiag_type = sk->sk_type; | 125 | rep->udiag_type = sk->sk_type; |
| 126 | rep->udiag_state = sk->sk_state; | 126 | rep->udiag_state = sk->sk_state; |
| 127 | rep->pad = 0; | ||
| 127 | rep->udiag_ino = sk_ino; | 128 | rep->udiag_ino = sk_ino; |
| 128 | sock_diag_save_cookie(sk, rep->udiag_cookie); | 129 | sock_diag_save_cookie(sk, rep->udiag_cookie); |
| 129 | 130 | ||