[PATCH]: mmap packet socket information leak (trivial)

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH]: mmap packet socket information leak (trivial)
@ 2002-05-29 11:58 Gianni Tedesco
  2002-06-07  9:53 ` David S. Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Gianni Tedesco @ 2002-05-29 11:58 UTC (permalink / raw)
  To: Linux Kernel

Hi,

Here is a quick patch which blanks the mmap() packet socket buffer areas
before using them. Previously you would get uninitialised data inbetween
the data structures where they are TPACKET_ALIGNED().

The root user could potentially unwittingly save this data to a file and
distribute it not knowing his password was in it or whatever... Not very
likely but its worth fixing IMHO :)

Regards

diff -urN linux.orig/net/packet/af_packet.c linux/net/packet/af_packet.c
--- linux.orig/net/packet/af_packet.c	Wed May 29 12:30:10 2002
+++ linux/net/packet/af_packet.c	Wed May 29 12:29:10 2002
@@ -1679,6 +1679,7 @@
 			int k;

 			for (k=0; k<frames_per_block; k++, l++) {
+				memset((void *)ptr, 0, req->tp_frame_size);
 				io_vec[l] = (struct tpacket_hdr*)ptr;
 				io_vec[l]->tp_status = TP_STATUS_KERNEL;
 				ptr += req->tp_frame_size;

-- 
// Gianni Tedesco <gianni@ecsc.co.uk>
8646BE7D: 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH]: mmap packet socket information leak (trivial)
  2002-05-29 11:58 [PATCH]: mmap packet socket information leak (trivial) Gianni Tedesco
@ 2002-06-07  9:53 ` David S. Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David S. Miller @ 2002-06-07  9:53 UTC (permalink / raw)
  To: gianni; +Cc: linux-kernel

   From: Gianni Tedesco <gianni@ecsc.co.uk>
   Date: 29 May 2002 12:58:55 +0100

   Here is a quick patch which blanks the mmap() packet socket buffer areas
   before using them. Previously you would get uninitialised data inbetween
   the data structures where they are TPACKET_ALIGNED().
   
 ...
   
   diff -urN linux.orig/net/packet/af_packet.c linux/net/packet/af_packet.c
   --- linux.orig/net/packet/af_packet.c	Wed May 29 12:30:10 2002
   +++ linux/net/packet/af_packet.c	Wed May 29 12:29:10 2002

The following seems simpler and is what I checked into my
tree.

# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
#	           ChangeSet	1.539   -> 1.540  
#	net/packet/af_packet.c	1.9     -> 1.10   
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/06/07	davem@nuts.ninka.net	1.540
# AF_PACKET: Clear out packet-mmap pages.
# --------------------------------------------
#
diff -Nru a/net/packet/af_packet.c b/net/packet/af_packet.c
--- a/net/packet/af_packet.c	Fri Jun  7 02:53:22 2002
+++ b/net/packet/af_packet.c	Fri Jun  7 02:53:22 2002
@@ -1662,7 +1662,7 @@
 			pg_vec[i] = __get_free_pages(GFP_KERNEL, order);
 			if (!pg_vec[i])
 				goto out_free_pgvec;
-
+			memset((void *)(pg_vec[i]), 0, PAGE_SIZE << order);
 			pend = virt_to_page(pg_vec[i] + (PAGE_SIZE << order) - 1);
 			for (page = virt_to_page(pg_vec[i]); page <= pend; page++)
 				SetPageReserved(page);

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2002-06-07  9:56 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-05-29 11:58 [PATCH]: mmap packet socket information leak (trivial) Gianni Tedesco
2002-06-07  9:53 ` David S. Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox