diff options
| author | Dan Carpenter <dan.carpenter@oracle.com> | 2013-04-22 16:22:51 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-04-25 01:47:58 -0400 |
| commit | 7a3b68434b1b5fb7b9a6184efb26822cd1a54cc8 (patch) | |
| tree | 6b2e5cbcfca48b1229396fd19773386f7eefd62e | |
| parent | fccc9f1fa878d9599aa583f0fec3bca95639667d (diff) | |
netrom: info leak in ->getname()
The sockaddr_ax25 struct has a 3 byte hole between ->sax25_call and
->sax25_ndigis. I've added a memset to avoid leaking uninitialized
stack data to userspace.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/netrom/af_netrom.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c index 103bd704b5fc..ec0c80fde69f 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c | |||
| @@ -834,6 +834,8 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, | |||
| 834 | struct sock *sk = sock->sk; | 834 | struct sock *sk = sock->sk; |
| 835 | struct nr_sock *nr = nr_sk(sk); | 835 | struct nr_sock *nr = nr_sk(sk); |
| 836 | 836 | ||
| 837 | memset(&sax->fsa_ax25, 0, sizeof(struct sockaddr_ax25)); | ||
| 838 | |||
| 837 | lock_sock(sk); | 839 | lock_sock(sk); |
| 838 | if (peer != 0) { | 840 | if (peer != 0) { |
| 839 | if (sk->sk_state != TCP_ESTABLISHED) { | 841 | if (sk->sk_state != TCP_ESTABLISHED) { |