[PATCH 3.16 281/305] rds: fix an infoleak in rds_inc_info_copy

From: Ben Hutchings
Date: Sat Aug 13 2016 - 13:52:15 EST

Next message: Ben Hutchings: "[PATCH 3.16 224/305] ALSA: dummy: Fix a use-after-free at closing"
Previous message: Ben Hutchings: "[PATCH 3.2 29/94] sunrpc: Update RPCBIND_MAXNETIDLEN"
In reply to: Ben Hutchings: "[PATCH 3.16 005/305] ath5k: Change led pin configuration for compaq c700 laptop"
Next in thread: Ben Hutchings: "[PATCH 3.16 224/305] ALSA: dummy: Fix a use-after-free at closing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.16.37-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Kangjie Lu <kangjielu@xxxxxxxxx>

commit 4116def2337991b39919f3b448326e21c40e0dbb upstream.

The last field "flags" of object "minfo" is not initialized.
Copying this object out may leak kernel stack data.
Assign 0 to it to avoid leak.

Signed-off-by: Kangjie Lu <kjlu@xxxxxxxxxx>
Acked-by: Santosh Shilimkar <santosh.shilimkar@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
net/rds/recv.c | 2 ++
1 file changed, 2 insertions(+)

--- a/net/rds/recv.c
+++ b/net/rds/recv.c
@@ -543,5 +543,7 @@ void rds_inc_info_copy(struct rds_incomi
minfo.fport = inc->i_hdr.h_dport;
}

+ minfo.flags = 0;
+
rds_info_copy(iter, &minfo, sizeof(minfo));
}

Next message: Ben Hutchings: "[PATCH 3.16 224/305] ALSA: dummy: Fix a use-after-free at closing"
Previous message: Ben Hutchings: "[PATCH 3.2 29/94] sunrpc: Update RPCBIND_MAXNETIDLEN"
In reply to: Ben Hutchings: "[PATCH 3.16 005/305] ath5k: Change led pin configuration for compaq c700 laptop"
Next in thread: Ben Hutchings: "[PATCH 3.16 224/305] ALSA: dummy: Fix a use-after-free at closing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]