Re: [PATCH net] appletalk: aarp: zero-initialize aarp_entry to prevent heap info leak

From: Simon Horman

Date: Wed Jun 03 2026 - 13:01:15 EST


On Fri, May 29, 2026 at 06:50:16PM +0800, Yizhou Zhao wrote:
> aarp_alloc() allocates struct aarp_entry without zeroing it, but only
> initializes refcnt and packet_queue. When an unresolved AARP entry is
> created, hwaddr[ETH_ALEN] is left uninitialized.
>
> aarp_seq_show() later prints this field with %pM when users read
> /proc/net/atalk/arp. This can expose 6 bytes of stale heap data for
> each unresolved entry.
>
> Fix this by zero-initializing struct aarp_entry at allocation time.
>
> Reported-by: Yizhou Zhao <zhaoyz24@xxxxxxxxxxxxxxxxxxxxx>
> Reported-by: Yuxiang Yang <yangyx22@xxxxxxxxxxxxxxxxxxxxx>
> Reported-by: Ao Wang <wangao@xxxxxxxxxx>
> Reported-by: Xuewei Feng <fengxw06@xxxxxxx>
> Reported-by: Qi Li <qli01@xxxxxxxxxxxxxxx>
> Reported-by: Ke Xu <xuke@xxxxxxxxxxxxxxx>
> Assisted-by: GLM:GLM-5.1
> Signed-off-by: Yizhou Zhao <zhaoyz24@xxxxxxxxxxxxxxxxxxxxx>

Reviewed-by: Simon Horman <horms@xxxxxxxxxx>

FTR, there is an AI-generated review of this patch available on sashiko.dev.
However, the issues flagged there appear to be pre-existing and I do not
believe they should block progress of this patch.
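
An added illustration, not part of the patch or the kernel source: a userspace C model of the leak described in the commit message, where a reused heap object keeps its previous contents in hwaddr unless it is zeroed at allocation time. The struct layout, the single-slot allocator and the 0x41 fill are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Userspace model, not the kernel's struct aarp_entry: only refcnt and
 * hwaddr are named in the commit message; the layout is an assumption. */
struct entry_model {
    int refcnt;
    unsigned char hwaddr[ETH_ALEN];
};

/* One reusable slot stands in for a heap object that gets handed out again. */
static struct entry_model slot;

/* zero == 0 models the old allocation path: only refcnt is initialized.
 * zero == 1 models the fix: the whole object is cleared first. */
static struct entry_model *model_alloc(int zero)
{
    if (zero)
        memset(&slot, 0, sizeof(slot));
    slot.refcnt = 1;
    return &slot;
}

/* Writes the %pM-style rendering of hwaddr to out; returns the stale byte count. */
static int show_unresolved(int zero, char out[18])
{
    struct entry_model *e;
    int i, stale = 0;

    memset(&slot, 0x41, sizeof(slot)); /* constructed data left by a previous owner */
    e = model_alloc(zero);             /* unresolved entry: hwaddr is never written */
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x", e->hwaddr[0],
             e->hwaddr[1], e->hwaddr[2], e->hwaddr[3], e->hwaddr[4], e->hwaddr[5]);
    for (i = 0; i < ETH_ALEN; i++)
        stale += e->hwaddr[i] != 0;
    return stale;
}

int main(void)
{
    char s[18];
    int n = show_unresolved(0, s);
    printf("old alloc: %s (%d stale bytes)\n", s, n);
    n = show_unresolved(1, s);
    printf("zeroed:    %s (%d stale bytes)\n", s, n);
    return 0;
}
```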