diff options
| author | Mathias Krause <minipli@googlemail.com> | 2012-08-15 07:31:56 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-08-16 00:36:31 -0400 |
| commit | 2d8a041b7bfe1097af21441cb77d6af95f4f4680 (patch) | |
| tree | 5196f6e5691d8de3915bbb11ed84dd54ca6302c8 /net | |
| parent | 7b07f8eb75aa3097cdfd4f6eac3da49db787381d (diff) | |
ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is
not set, __ip_vs_get_timeouts() does not fully initialize the structure
that gets copied to userland and that for leaks up to 12 bytes of kernel
stack. Add an explicit memset(0) before passing the structure to
__ip_vs_get_timeouts() to avoid the info leak.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Wensong Zhang <wensong@linux-vs.org>
Cc: Simon Horman <horms@verge.net.au>
Cc: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 84444dda194b..72bf32a84874 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
| @@ -2759,6 +2759,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
| 2759 | { | 2759 | { |
| 2760 | struct ip_vs_timeout_user t; | 2760 | struct ip_vs_timeout_user t; |
| 2761 | 2761 | ||
| 2762 | memset(&t, 0, sizeof(t)); | ||
| 2762 | __ip_vs_get_timeouts(net, &t); | 2763 | __ip_vs_get_timeouts(net, &t); |
| 2763 | if (copy_to_user(user, &t, sizeof(t)) != 0) | 2764 | if (copy_to_user(user, &t, sizeof(t)) != 0) |
| 2764 | ret = -EFAULT; | 2765 | ret = -EFAULT; |