From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:45718 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933697AbdJJT6K (ORCPT ); Tue, 10 Oct 2017 15:58:10 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexander Potapenko , Nikolay Aleksandrov , Roopa Prabhu , "David S. Miller" Subject: [PATCH 4.9 076/105] net: rtnetlink: fix info leak in RTM_GETSTATS call Date: Tue, 10 Oct 2017 21:50:47 +0200 Message-Id: <20171010192545.500554603@linuxfoundation.org> In-Reply-To: <20171010192533.717049376@linuxfoundation.org> References: <20171010192533.717049376@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: stable-owner@vger.kernel.org List-ID: 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Nikolay Aleksandrov [ Upstream commit ce024f42c2e28b6bce4ecc1e891b42f57f753892 ] When RTM_GETSTATS was added the fields of its header struct were not all initialized when returning the result thus leaking 4 bytes of information to user-space per rtnl_fill_statsinfo call, so initialize them now. Thanks to Alexander Potapenko for the detailed report and bisection. Reported-by: Alexander Potapenko Fixes: 10c9ead9f3c6 ("rtnetlink: add new RTM_GETSTATS message to dump link stats") Signed-off-by: Nikolay Aleksandrov Acked-by: Roopa Prabhu Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/core/rtnetlink.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -3758,6 +3758,9 @@ static int rtnl_fill_statsinfo(struct sk return -EMSGSIZE; ifsm = nlmsg_data(nlh); + ifsm->family = PF_UNSPEC; + ifsm->pad1 = 0; + ifsm->pad2 = 0; ifsm->ifindex = dev->ifindex; ifsm->filter_mask = filter_mask;