netdev.vger.kernel.org archive mirror
* [patch] gre: information leak in ip6_tnl_ioctl()
@ 2012-08-16 13:14 Dan Carpenter
  2012-08-20  9:21 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2012-08-16 13:14 UTC (permalink / raw)
  To: xeb
  Cc: David S. Miller, Alexey Kuznetsov, James Morris,
	Hideaki YOSHIFUJI, Patrick McHardy, netdev, kernel-janitors

There is a one byte hole between p->hop_limit and p->flowinfo where
stack memory is leaked to the user.  This was introduced in c12b395a46
"gre: Support GRE over IPv6".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This is only needed in linux-next.

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 33d2a0e..cb7e2de 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1312,6 +1312,8 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 			}
 			ip6_tnl_parm_from_user(&p1, &p);
 			t = ip6_tnl_locate(net, &p1, 0);
+		} else {
+			memset(&p, 0, sizeof(p));
 		}
 		if (t == NULL)
 			t = netdev_priv(dev);


* Re: [patch] gre: information leak in ip6_tnl_ioctl()
  2012-08-16 13:14 [patch] gre: information leak in ip6_tnl_ioctl() Dan Carpenter
@ 2012-08-20  9:21 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2012-08-20  9:21 UTC (permalink / raw)
  To: dan.carpenter
  Cc: xeb, kuznet, jmorris, yoshfuji, kaber, netdev, kernel-janitors

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 16 Aug 2012 16:14:04 +0300

> There is a one byte hole between p->hop_limit and p->flowinfo where
> stack memory is leaked to the user.  This was introduced in c12b395a46
> "gre: Support GRE over IPv6".
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Applied, thanks Dan.
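
The kind of hole the patch description refers to can be measured with offsetof(), and the effect of clearing the struct first can be checked directly. This is an added example, not code from the kernel tree or from this thread: struct demo_parm and all of its members other than hop_limit and flowinfo are constructed for illustration, and memcpy() stands in for the copy to user space.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in: only hop_limit and flowinfo are named in the thread;
 * the remaining members are assumptions made for this example. */
struct demo_parm {
    uint8_t  proto;
    uint8_t  encap_limit;
    uint8_t  hop_limit;
    /* alignment padding is inserted here so flowinfo starts on 4 bytes */
    uint32_t flowinfo;
    uint32_t flags;
};

#define HOLE_OFF (offsetof(struct demo_parm, hop_limit) + sizeof(uint8_t))

/* Padding bytes between the end of hop_limit and the start of flowinfo. */
size_t hole_size(void)
{
    return offsetof(struct demo_parm, flowinfo) - HOLE_OFF;
}

/* Byte a reader of the copied-out struct sees in the hole.
 * 'stale' simulates leftover stack contents under the struct. */
unsigned char hole_byte_after_copy(int zero_first, unsigned char stale)
{
    struct demo_parm p;
    unsigned char out[sizeof(p)];

    memset(&p, stale, sizeof(p));      /* simulate old stack data */
    if (zero_first)
        memset(&p, 0, sizeof(p));      /* clear padding before filling */
    p.proto = 41;                      /* member stores do not clear padding */
    p.encap_limit = 4;
    p.hop_limit = 64;
    p.flowinfo = 0;
    p.flags = 0;
    memcpy(out, &p, sizeof(p));        /* stand-in for the copy to user space */
    return out[HOLE_OFF];
}

int main(void)
{
    printf("hole: %zu byte(s)\n", hole_size());
    printf("zeroed first: 0x%02x\n", hole_byte_after_copy(1, 0xAA));
    printf("not zeroed:   0x%02x\n", hole_byte_after_copy(0, 0xAA));
    return 0;
}
```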

