* [PATCH net] unix_diag: fix info leak
@ 2013-09-30 20:05 Mathias Krause
2013-10-02 20:08 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Mathias Krause @ 2013-09-30 20:05 UTC (permalink / raw)
To: David S. Miller; +Cc: Mathias Krause, netdev
When filling the netlink message we miss to wipe the pad field,
therefore leak one byte of heap memory to userland. Fix this by
setting pad to 0.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
---
Probably material for stable as well (v3.3+).
net/unix/diag.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/unix/diag.c b/net/unix/diag.c
index d591091..86fa0f3 100644
--- a/net/unix/diag.c
+++ b/net/unix/diag.c
@@ -124,6 +124,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r
rep->udiag_family = AF_UNIX;
rep->udiag_type = sk->sk_type;
rep->udiag_state = sk->sk_state;
+ rep->pad = 0;
rep->udiag_ino = sk_ino;
sock_diag_save_cookie(sk, rep->udiag_cookie);
--
1.7.10.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-10-02 20:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-30 20:05 [PATCH net] unix_diag: fix info leak Mathias Krause
2013-10-02 20:08 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).