From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:53694 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753728AbdJIHek (ORCPT
        <rfc822;stable@vger.kernel.org>); Mon, 9 Oct 2017 03:34:40 -0400
Subject: Patch "net: rtnetlink: fix info leak in RTM_GETSTATS call" has been added to the 4.13-stable tree
To: nikolay@cumulusnetworks.com, davem@davemloft.net,
        glider@google.com, gregkh@linuxfoundation.org,
        roopa@cumulusnetworks.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Mon, 09 Oct 2017 09:34:24 +0200
Message-ID: <15075344641033@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    net: rtnetlink: fix info leak in RTM_GETSTATS call

to the 4.13-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-rtnetlink-fix-info-leak-in-rtm_getstats-call.patch
and it can be found in the queue-4.13 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From foo@baz Mon Oct  9 09:32:35 CEST 2017
From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Date: Tue, 3 Oct 2017 13:20:48 +0300
Subject: net: rtnetlink: fix info leak in RTM_GETSTATS call

From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>


[ Upstream commit ce024f42c2e28b6bce4ecc1e891b42f57f753892 ]

When RTM_GETSTATS was added the fields of its header struct were not all
initialized when returning the result thus leaking 4 bytes of information
to user-space per rtnl_fill_statsinfo call, so initialize them now. Thanks
to Alexander Potapenko for the detailed report and bisection.

Reported-by: Alexander Potapenko <glider@google.com>
Fixes: 10c9ead9f3c6 ("rtnetlink: add new RTM_GETSTATS message to dump link stats")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/core/rtnetlink.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -3867,6 +3867,9 @@ static int rtnl_fill_statsinfo(struct sk
 		return -EMSGSIZE;
 
 	ifsm = nlmsg_data(nlh);
+	ifsm->family = PF_UNSPEC;
+	ifsm->pad1 = 0;
+	ifsm->pad2 = 0;
 	ifsm->ifindex = dev->ifindex;
 	ifsm->filter_mask = filter_mask;
 


Patches currently in stable-queue which might be from nikolay@cumulusnetworks.com are

queue-4.13/net-bonding-fix-transmit-load-balancing-in-balance-alb-mode-if-specified-by-sysfs.patch
queue-4.13/net-rtnetlink-fix-info-leak-in-rtm_getstats-call.patch
queue-4.13/net-bonding-fix-tlb_dynamic_lb-default-value.patch