Date: Tue, 9 Nov 2010 23:33:18 +0300
From: Vasiliy Kulikov <segooon@...il.com>
To: David Miller <davem@...emloft.net>
Cc: kernel-janitors@...r.kernel.org, jon.maloy@...csson.com,
	allan.stephens@...driver.com, tipc-discussion@...ts.sourceforge.net,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] net: tipc: fix information leak to userland

On Tue, Nov 09, 2010 at 09:26 -0800, David Miller wrote:
> From: Vasiliy Kulikov <segooon@...il.com>
> Date: Sun, 31 Oct 2010 20:10:32 +0300
>
> > Structure sockaddr_tipc is copied to userland with padding bytes after
> > "id" field in union field "name" uninitialized.  It leads to leaking of
> > contents of kernel stack memory.  We have to initialize them to zero.
> >
> > Signed-off-by: Vasiliy Kulikov <segooon@...il.com>
>
> Applied.
>
> Patches #1 and #2 were given feedback which I need you to integrate
> and submit new patches based upon, thanks.

About #2: I still think that this:

	if (dev)
		strncpy(uaddr->sa_data, dev->name, 14);
	else
		memset(uaddr->sa_data, 0, 14);

is better than this:

	memset(uaddr->sa_data, 0, 14);
	dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
	if (dev)
		strlcpy(uaddr->sa_data, dev->name, 15);

Isn't it?  Explicitly filling with zero on the same "if" level is slightly
easier to read and understand.

-- 
Vasiliy
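Added example, not part of the original message or of the kernel source: a userspace C sketch that fills a 14-byte `sa_data`-style buffer holding stale bytes in the two ways compared above, plus a constructed baseline with no zeroing, and counts the stale bytes that would be copied out. Assumptions: `bounded_copy()` is a local stand-in for the kernel's `strlcpy()`, both variants use the 14-byte size, and `STALE` and `stale_bytes_after_fill()` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SA_DATA_LEN 14   /* field size used in the snippets above */
#define STALE 0xAA       /* constructed marker standing in for old stack contents */

/* Stand-in for strlcpy(): copy at most size-1 bytes and always NUL-terminate. */
static void bounded_copy(char *dst, const char *src, size_t size)
{
	size_t n = strlen(src);

	if (n >= size)
		n = size - 1;
	memcpy(dst, src, n);
	dst[n] = '\0';
}

/*
 * how: 0 = copy the name only, never zero (constructed leaky baseline)
 *      1 = strncpy() if a name exists, else memset()
 *      2 = memset() first, then bounded copy if a name exists
 * Returns how many stale bytes remain in the buffer afterwards.
 */
int stale_bytes_after_fill(int how, const char *name)
{
	unsigned char buf[SA_DATA_LEN];
	char *sa_data = (char *)buf;
	int i, stale = 0;

	memset(buf, STALE, sizeof(buf));    /* simulate uninitialized stack memory */
	if (how == 0 && name) {
		bounded_copy(sa_data, name, SA_DATA_LEN);
	} else if (how == 1) {
		if (name)
			strncpy(sa_data, name, SA_DATA_LEN);  /* zero-pads the tail */
		else
			memset(sa_data, 0, SA_DATA_LEN);
	} else if (how == 2) {
		memset(sa_data, 0, SA_DATA_LEN);
		if (name)
			bounded_copy(sa_data, name, SA_DATA_LEN);
	}
	for (i = 0; i < SA_DATA_LEN; i++)
		stale += (buf[i] == STALE);
	return stale;
}

int main(void)
{
	for (int how = 0; how < 3; how++)
		printf("variant %d: name=%d stale bytes, no device=%d stale bytes\n", how,
		       stale_bytes_after_fill(how, "eth0"), stale_bytes_after_fill(how, NULL));
	return 0;
}
```

Both variants from the message leave no stale bytes; they differ only for names of 14 characters or more, where `strncpy()` fills the field without a terminating NUL and the bounded copy truncates to 13 characters plus NUL.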