From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:45627 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932976AbcILRL5 (ORCPT ); Mon, 12 Sep 2016 13:11:57 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kangjie Lu , "David S. Miller" , Sasha Levin Subject: [PATCH 4.4 130/192] [PATCH 134/135] tipc: fix an infoleak in tipc_nl_compat_link_dump Date: Mon, 12 Sep 2016 19:00:39 +0200 Message-Id: <20160912152204.472678783@linuxfoundation.org> In-Reply-To: <20160912152158.855601725@linuxfoundation.org> References: <20160912152158.855601725@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: stable-owner@vger.kernel.org List-ID: 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 5d2be1422e02ccd697ccfcd45c85b4a26e6178e2 ] link_info.str is a char array of size 60. Memory after the NULL byte is not initialized. Sending the whole object out can cause a leak. Signed-off-by: Kangjie Lu Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/tipc/netlink_compat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/tipc/netlink_compat.c +++ b/net/tipc/netlink_compat.c @@ -574,7 +574,8 @@ static int tipc_nl_compat_link_dump(stru link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]); link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP])); - strcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME])); + nla_strlcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME]), + TIPC_MAX_LINK_NAME); return tipc_add_tlv(msg->rep, TIPC_TLV_LINK_INFO, &link_info, sizeof(link_info));