From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Mathias Krause <minipli@googlemail.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [ 21/22] af_key: more info leaks in pfkey messages
Date: Thu, 8 Aug 2013 18:41:37 -0700 [thread overview]
Message-ID: <20130809013953.833985235@linuxfoundation.org> (raw)
In-Reply-To: <20130809013949.226228694@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit ff862a4668dd6dba962b1d2d8bd344afa6375683 ]
This is inspired by a5cc68f3d6 "af_key: fix info leaks in notify
messages". There are some struct members which don't get initialized
and could disclose small amounts of private information.
Acked-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/key/af_key.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2073,6 +2073,7 @@ static int pfkey_xfrm_policy2msg(struct
pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
}
pol->sadb_x_policy_dir = dir+1;
+ pol->sadb_x_policy_reserved = 0;
pol->sadb_x_policy_id = xp->index;
pol->sadb_x_policy_priority = xp->priority;
@@ -3108,7 +3109,9 @@ static int pfkey_send_acquire(struct xfr
pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
pol->sadb_x_policy_dir = dir+1;
+ pol->sadb_x_policy_reserved = 0;
pol->sadb_x_policy_id = xp->index;
+ pol->sadb_x_policy_priority = xp->priority;
/* Set sadb_comb's. */
if (x->id.proto == IPPROTO_AH)
@@ -3496,6 +3499,7 @@ static int pfkey_send_migrate(const stru
pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
pol->sadb_x_policy_dir = dir + 1;
+ pol->sadb_x_policy_reserved = 0;
pol->sadb_x_policy_id = 0;
pol->sadb_x_policy_priority = 0;
next prev parent reply other threads:[~2013-08-09 1:41 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-09 1:41 [ 00/22] 3.0.90-stable review Greg Kroah-Hartman
2013-08-09 1:41 ` [ 01/22] serial/mxs-auart: fix race condition in interrupt handler Greg Kroah-Hartman
2013-08-09 1:41 ` [ 02/22] serial/mxs-auart: increase time to wait for transmitter to become idle Greg Kroah-Hartman
2013-08-09 1:41 ` [ 03/22] ath9k_htc: do some initial hardware configuration Greg Kroah-Hartman
2013-08-09 1:41 ` [ 04/22] nl80211: fix mgmt tx status and testmode reporting for netns Greg Kroah-Hartman
2013-08-09 1:41 ` [ 05/22] mac80211: fix duplicate retransmission detection Greg Kroah-Hartman
2013-08-09 1:41 ` [ 06/22] rt2x00: fix stop queue Greg Kroah-Hartman
2013-08-09 1:41 ` [ 07/22] mwifiex: Add missing endian conversion Greg Kroah-Hartman
2013-08-09 1:41 ` [ 08/22] ACPI / battery: Fix parsing _BIX return value Greg Kroah-Hartman
2013-08-09 1:41 ` [ 09/22] sched: Fix the broken sched_rr_get_interval() Greg Kroah-Hartman
2013-08-09 1:41 ` [ 10/22] fanotify: info leak in copy_event_to_user() Greg Kroah-Hartman
2013-08-09 1:41 ` [ 11/22] MAINTAINERS: fix up stable_kernel_rules.txt location Greg Kroah-Hartman
2013-08-09 1:41 ` [ 12/22] perf: Fix event group context move Greg Kroah-Hartman
2013-08-09 1:41 ` [ 13/22] x86, fpu: correct the asm constraints for fxsave, unbreak mxcsr.daz Greg Kroah-Hartman
2013-08-09 1:41 ` [ 14/22] perf: Use css_tryget() to avoid propping up css refcount Greg Kroah-Hartman
2013-08-09 1:41 ` [ 15/22] arcnet: cleanup sizeof parameter Greg Kroah-Hartman
2013-08-09 1:41 ` [ 16/22] sysctl net: Keep tcp_syn_retries inside the boundary Greg Kroah-Hartman
2013-08-09 1:41 ` [ 17/22] sctp: fully initialize sctp_outq in sctp_outq_init Greg Kroah-Hartman
2013-08-09 1:41 ` [ 18/22] ipv6: take rtnl_lock and mark mrt6 table as freed on namespace cleanup Greg Kroah-Hartman
2013-08-09 1:41 ` [ 19/22] usbnet: do not pretend to support SG/TSO Greg Kroah-Hartman
2013-08-09 1:41 ` [ 20/22] net_sched: Fix stack info leak in cbq_dump_wrr() Greg Kroah-Hartman
2013-08-09 1:41 ` Greg Kroah-Hartman [this message]
2013-08-09 1:41 ` [ 22/22] net_sched: info leak in atm_tc_dump_class() Greg Kroah-Hartman
2013-08-09 3:42 ` [ 00/22] 3.0.90-stable review Guenter Roeck
2013-08-09 3:56 ` Greg Kroah-Hartman
2013-08-10 22:08 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130809013953.833985235@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=minipli@googlemail.com \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).