| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Sep 2009 12:05:40 -0700 From: Stephen Hemminger <shemminger@...tta.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: "David S. Miller" <davem@...emloft.net>, Linux Netdev List <netdev@...r.kernel.org> Subject: Re: [PATCH] tc: Fix unitialized kernel memory leak On Wed, 02 Sep 2009 14:40:09 +0200 Eric Dumazet <eric.dumazet@...il.com> wrote: > Three bytes of uninitialized kernel memory are currently leaked to user > > Signed-off-by: Eric Dumazet <eric.dumazet@...il.com> > --- > diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c > index 24d17ce..fdb694e 100644 > --- a/net/sched/sch_api.c > +++ b/net/sched/sch_api.c > @@ -1456,6 +1456,8 @@ static int tc_fill_tclass(struct sk_buff *skb, struct Qdisc *q, > nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); > tcm = NLMSG_DATA(nlh); > tcm->tcm_family = AF_UNSPEC; > + tcm->tcm__pad1 = 0; > + tcm->tcm__pad2 = 0; > tcm->tcm_ifindex = qdisc_dev(q)->ifindex; > tcm->tcm_parent = q->handle; > tcm->tcm_handle = q->handle; Perhaps __nlmsg_put should just always call memset() for the whole added chunk. It is not like it is critical path in any way, and avoid any of this possible class of errors. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists