]> git.kernelconcepts.de Git - karo-tx-linux.git/commitdiff
projects / karo-tx-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3cee5ca)
can: Fix raw_getname() leak
authorEric Dumazet <eric.dumazet@gmail.com>
Thu, 6 Aug 2009 20:27:04 +0000 (20:27 +0000)
committerGreg Kroah-Hartman <gregkh@suse.de>
Wed, 9 Sep 2009 03:17:32 +0000 (20:17 -0700)
commit e84b90ae5eb3c112d1f208964df1d8156a538289 upstream.

raw_getname() can leak 10 bytes of kernel memory to user

(two bytes hole between can_family and can_ifindex,
8 bytes at the end of sockaddr_can structure)

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
net/can/raw.c patch | blob | history

diff --git a/net/can/raw.c b/net/can/raw.c
index 6e0663faaf9fcdea78d0f57947489e429d764cdd..08f31d4c480d99069943d9d2e94b86bdf6fc1bc5 100644 (file)
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -396,6 +396,7 @@ static int raw_getname(struct socket *sock, struct sockaddr *uaddr,
        if (peer)
                return -EOPNOTSUPP;
 
+       memset(addr, 0, sizeof(*addr));
        addr->can_family  = AF_CAN;
        addr->can_ifindex = ro->ifindex;
 
Linux kernel for KaRo TX COM modules