aboutsummaryrefslogtreecommitdiffstats
path: root/net/netrom/af_netrom.c
diff options
context:
space:
mode:
authorMathias Krause <minipli@googlemail.com>2013-04-06 21:51:57 -0400
committerDavid S. Miller <davem@davemloft.net>2013-04-07 16:28:02 -0400
commit3ce5efad47b62c57a4f5c54248347085a750ce0e (patch)
tree6ea783a53cab3815f147b9ade4bda5b3ad09b177 /net/netrom/af_netrom.c
parentc77a4b9cffb6215a15196ec499490d116dfad181 (diff)
netrom: fix info leak via msg_name in nr_recvmsg()
In case msg_name is set the sockaddr info gets filled out, as requested, but the code fails to initialize the padding bytes of struct sockaddr_ax25 inserted by the compiler for alignment. Also the sax25_ndigis member does not get assigned, leaking four more bytes. Both issues lead to the fact that the code will leak uninitialized kernel stack bytes in net/socket.c. Fix both issues by initializing the memory with memset(0). Cc: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netrom/af_netrom.c')
-rw-r--r--net/netrom/af_netrom.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index d1fa1d9ffd2e..7fcb307dea47 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1173,6 +1173,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
1173 } 1173 }
1174 1174
1175 if (sax != NULL) { 1175 if (sax != NULL) {
1176 memset(sax, 0, sizeof(sax));
1176 sax->sax25_family = AF_NETROM; 1177 sax->sax25_family = AF_NETROM;
1177 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, 1178 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
1178 AX25_ADDR_LEN); 1179 AX25_ADDR_LEN);