From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Mathias Krause <minipli@googlemail.com>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [ 23/25] af_key: more info leaks in pfkey messages
Date: Thu,  8 Aug 2013 18:41:59 -0700
Message-ID: <20130809013654.192037883@linuxfoundation.org>
In-Reply-To: <20130809013649.057678051@linuxfoundation.org>

3.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit ff862a4668dd6dba962b1d2d8bd344afa6375683 ]

This is inspired by a5cc68f3d6 "af_key: fix info leaks in notify
messages".  There are some struct members which don't get initialized
and could disclose small amounts of private information.

Acked-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/key/af_key.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2073,6 +2073,7 @@ static int pfkey_xfrm_policy2msg(struct
 			pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
 	}
 	pol->sadb_x_policy_dir = dir+1;
+	pol->sadb_x_policy_reserved = 0;
 	pol->sadb_x_policy_id = xp->index;
 	pol->sadb_x_policy_priority = xp->priority;
 
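Review bot: the added `pol->sadb_x_policy_reserved = 0;` in pfkey_xfrm_policy2msg() closes this one member, but the structure is still filled member by member, so the fix holds only as long as every member is listed by hand. Consider zeroing the whole sadb_x_policy extension where pol is set up (outside this hunk) before these assignments, for example with memset(pol, 0, sizeof(*pol)), so that a member added later cannot reintroduce the leak.
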
@@ -3108,7 +3109,9 @@ static int pfkey_send_acquire(struct xfr
 	pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 	pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
 	pol->sadb_x_policy_dir = dir+1;
+	pol->sadb_x_policy_reserved = 0;
 	pol->sadb_x_policy_id = xp->index;
+	pol->sadb_x_policy_priority = xp->priority;
 
 	/* Set sadb_comb's. */
 	if (x->id.proto == IPPROTO_AH)
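Review bot: the second added line in pfkey_send_acquire(), `pol->sadb_x_policy_priority = xp->priority;`, is not explained by the changelog, which only speaks of members that don't get initialized. Unlike the reserved field, this member is set to the policy's real priority rather than to 0 (pfkey_send_migrate() in the next hunk uses 0), so the acquire message now carries a value it did not carry before. The commit message should state that this is intended and name both fields.
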
@@ -3496,6 +3499,7 @@ static int pfkey_send_migrate(const stru
 	pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 	pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
 	pol->sadb_x_policy_dir = dir + 1;
+	pol->sadb_x_policy_reserved = 0;
 	pol->sadb_x_policy_id = 0;
 	pol->sadb_x_policy_priority = 0;
 
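Review bot: with this line pfkey_send_migrate() repeats the same exttype/type/dir/reserved/id/priority sequence that pfkey_send_acquire() has in the previous hunk, and that copy was missing the priority assignment until this patch. A small helper that fills the sadb_x_policy header from (type, dir, id, priority) and always clears sadb_x_policy_reserved would keep the call sites from drifting apart again. Minor style point: `dir + 1` here versus `dir+1` at the other two sites.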



Thread overview: 28+ messages
2013-08-09  1:41 [ 00/25] 3.4.57-stable review Greg Kroah-Hartman
2013-08-09  1:41 ` [ 01/25] ALSA: compress: fix the return value for SNDRV_COMPRESS_VERSION Greg Kroah-Hartman
2013-08-09  1:41 ` [ 02/25] serial/mxs-auart: fix race condition in interrupt handler Greg Kroah-Hartman
2013-08-09  1:41 ` [ 03/25] serial/mxs-auart: increase time to wait for transmitter to become idle Greg Kroah-Hartman
2013-08-09  1:41 ` [ 04/25] ath9k_htc: do some initial hardware configuration Greg Kroah-Hartman
2013-08-09  1:41 ` [ 05/25] nl80211: fix mgmt tx status and testmode reporting for netns Greg Kroah-Hartman
2013-08-09  1:41 ` [ 06/25] mac80211: fix duplicate retransmission detection Greg Kroah-Hartman
2013-08-09  1:41 ` [ 07/25] ixgbe: Fix Tx Hang issue with lldpad on 82598EB Greg Kroah-Hartman
2013-08-09  1:41 ` [ 08/25] rt2x00: fix stop queue Greg Kroah-Hartman
2013-08-09  1:41 ` [ 09/25] mwifiex: Add missing endian conversion Greg Kroah-Hartman
2013-08-09  1:41 ` [ 10/25] ACPI / battery: Fix parsing _BIX return value Greg Kroah-Hartman
2013-08-09  1:41 ` [ 11/25] sched: Fix the broken sched_rr_get_interval() Greg Kroah-Hartman
2013-08-09  1:41 ` [ 12/25] fanotify: info leak in copy_event_to_user() Greg Kroah-Hartman
2013-08-09  1:41 ` [ 13/25] perf: Fix event group context move Greg Kroah-Hartman
2013-08-09  1:41 ` [ 14/25] x86, fpu: correct the asm constraints for fxsave, unbreak mxcsr.daz Greg Kroah-Hartman
2013-08-09  1:41 ` [ 15/25] drm/i915: quirk no PCH_PWM_ENABLE for Dell XPS13 backlight Greg Kroah-Hartman
2013-08-09  1:41 ` [ 16/25] perf: Use css_tryget() to avoid propping up css refcount Greg Kroah-Hartman
2013-08-09  1:41 ` [ 17/25] arcnet: cleanup sizeof parameter Greg Kroah-Hartman
2013-08-09  1:41 ` [ 18/25] sysctl net: Keep tcp_syn_retries inside the boundary Greg Kroah-Hartman
2013-08-09  1:41 ` [ 19/25] sctp: fully initialize sctp_outq in sctp_outq_init Greg Kroah-Hartman
2013-08-09  1:41 ` [ 20/25] ipv6: take rtnl_lock and mark mrt6 table as freed on namespace cleanup Greg Kroah-Hartman
2013-08-09  1:41 ` [ 21/25] usbnet: do not pretend to support SG/TSO Greg Kroah-Hartman
2013-08-09  1:41 ` [ 22/25] net_sched: Fix stack info leak in cbq_dump_wrr() Greg Kroah-Hartman
2013-08-09  1:41 ` Greg Kroah-Hartman [this message]
2013-08-09  1:42 ` [ 24/25] net_sched: info leak in atm_tc_dump_class() Greg Kroah-Hartman
2013-08-09  1:42 ` [ 25/25] 8139cp: Add dma_mapping_error checking Greg Kroah-Hartman
2013-08-09  4:34 ` [ 00/25] 3.4.57-stable review Guenter Roeck
2013-08-10 22:08 ` Shuah Khan
