* [PATCH]: mmap packet socket information leak (trivial)
@ 2002-05-29 11:58 Gianni Tedesco
2002-06-07 9:53 ` David S. Miller
0 siblings, 1 reply; 2+ messages in thread
From: Gianni Tedesco @ 2002-05-29 11:58 UTC (permalink / raw)
To: Linux Kernel
Hi,
Here is a quick patch which blanks the mmap() packet socket buffer areas
before using them. Previously you would get uninitialised data in between
the data structures where they are TPACKET_ALIGNED().
The root user could potentially unwittingly save this data to a file and
distribute it not knowing his password was in it or whatever... Not very
likely but it's worth fixing IMHO :)
Regards
diff -urN linux.orig/net/packet/af_packet.c linux/net/packet/af_packet.c
--- linux.orig/net/packet/af_packet.c Wed May 29 12:30:10 2002
+++ linux/net/packet/af_packet.c Wed May 29 12:29:10 2002
@@ -1679,6 +1679,7 @@
int k;
for (k=0; k<frames_per_block; k++, l++) {
+ memset((void *)ptr, 0, req->tp_frame_size);
io_vec[l] = (struct tpacket_hdr*)ptr;
io_vec[l]->tp_status = TP_STATUS_KERNEL;
ptr += req->tp_frame_size;
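Review bot: the memset at the top of the per-frame loop clears tp_frame_size bytes for each of frames_per_block frames, so if a block is larger than frames_per_block * tp_frame_size the remainder past the last frame is still handed out uninitialised. Clearing each block once, at the point where its memory is allocated, would cover the whole mapping and remove the per-frame call from this loop.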
--
// Gianni Tedesco <gianni@ecsc.co.uk>
8646BE7D: 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
^ permalink raw reply [flat|nested] 2+ messages in thread
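The leak described in the message above, reproduced in user space as an added example (not code from this thread or from the kernel). `struct hdr`, `stale_bytes_visible()` and the 0xAA fill pattern are constructed for illustration; `ALIGN_UP` applies the same 16-byte rounding as `TPACKET_ALIGN()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same rounding rule as the kernel's TPACKET_ALIGN(), redefined locally so
 * the example builds without kernel headers. */
#define ALIGNMENT 16u
#define ALIGN_UP(x) (((x) + ALIGNMENT - 1) & ~(size_t)(ALIGNMENT - 1))
#define STALE 0xAA /* constructed stand-in for leftover memory contents */

/* Simplified, hypothetical frame header (12 bytes); not struct tpacket_hdr. */
struct hdr { uint32_t status; uint32_t len; uint16_t data_off; };

/* Lay out `frames` frames in one buffer and return the number of bytes a
 * reader of the mapping would see that still hold the stale pattern. */
size_t stale_bytes_visible(size_t frame_size, size_t frames,
                           size_t pkt_len, int clear_first)
{
    size_t data_off = ALIGN_UP(sizeof(struct hdr));
    size_t total = frame_size * frames, leaked = 0;
    unsigned char *buf;

    if (data_off + pkt_len > frame_size || !(buf = malloc(total)))
        return (size_t)-1;
    memset(buf, STALE, total);          /* memory arrives with old contents */
    if (clear_first)
        memset(buf, 0, total);          /* the fix: blank it before use */

    for (size_t k = 0; k < frames; k++) {
        unsigned char *frame = buf + k * frame_size;
        struct hdr h;
        memset(&h, 0, sizeof h);        /* keep struct padding deterministic */
        h.status = 1;
        h.len = (uint32_t)pkt_len;
        h.data_off = (uint16_t)data_off;
        memcpy(frame, &h, sizeof h);              /* header at frame start */
        memset(frame + data_off, 'P', pkt_len);   /* constructed payload */
    }
    for (size_t i = 0; i < total; i++)
        leaked += (buf[i] == STALE);    /* alignment gaps and frame tails */
    free(buf);
    return leaked;
}

int main(void)
{
    printf("uncleared: %zu stale bytes\n", stale_bytes_visible(128, 4, 60, 0));
    printf("cleared:   %zu stale bytes\n", stale_bytes_visible(128, 4, 60, 1));
    return 0;
}
```

With 128-byte frames and 60-byte packets, each frame exposes 4 bytes of alignment gap after the header and 52 bytes after the payload unless the buffer is cleared first.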
* Re: [PATCH]: mmap packet socket information leak (trivial)
2002-05-29 11:58 [PATCH]: mmap packet socket information leak (trivial) Gianni Tedesco
@ 2002-06-07 9:53 ` David S. Miller
0 siblings, 0 replies; 2+ messages in thread
From: David S. Miller @ 2002-06-07 9:53 UTC (permalink / raw)
To: gianni; +Cc: linux-kernel
From: Gianni Tedesco <gianni@ecsc.co.uk>
Date: 29 May 2002 12:58:55 +0100
Here is a quick patch which blanks the mmap() packet socket buffer areas
before using them. Previously you would get uninitialised data in between
the data structures where they are TPACKET_ALIGNED().
...
diff -urN linux.orig/net/packet/af_packet.c linux/net/packet/af_packet.c
--- linux.orig/net/packet/af_packet.c Wed May 29 12:30:10 2002
+++ linux/net/packet/af_packet.c Wed May 29 12:29:10 2002
The following seems simpler and is what I checked into my
tree.
# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.539 -> 1.540
# net/packet/af_packet.c 1.9 -> 1.10
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/06/07 davem@nuts.ninka.net 1.540
# AF_PACKET: Clear out packet-mmap pages.
# --------------------------------------------
#
diff -Nru a/net/packet/af_packet.c b/net/packet/af_packet.c
--- a/net/packet/af_packet.c Fri Jun 7 02:53:22 2002
+++ b/net/packet/af_packet.c Fri Jun 7 02:53:22 2002
@@ -1662,7 +1662,7 @@
pg_vec[i] = __get_free_pages(GFP_KERNEL, order);
if (!pg_vec[i])
goto out_free_pgvec;
-
+ memset((void *)(pg_vec[i]), 0, PAGE_SIZE << order);
pend = virt_to_page(pg_vec[i] + (PAGE_SIZE << order) - 1);
for (page = virt_to_page(pg_vec[i]); page <= pend; page++)
SetPageReserved(page);
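Review bot: the added memset line has no comment saying why freshly allocated pages need clearing, and it takes the place of the blank line that separated the allocation check from the page-reservation loop. A one-line comment that these packet-mmap pages end up mapped by the user, with the blank line kept after the memset, would stop a later cleanup from dropping the call as redundant; the inner parentheses in (void *)(pg_vec[i]) can also go.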