lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Apr 2016 11:58:35 +0300 From: Pavel Emelyanov <xemul@...tuozzo.com> To: Mathias Krause <minipli@...glemail.com>, "David S. Miller" <davem@...emloft.net> CC: <netdev@...r.kernel.org>, "Eric W. Biederman" <ebiederm@...ssion.com> Subject: Re: [PATCH net] packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface On 04/10/2016 01:52 PM, Mathias Krause wrote: > Because we miss to wipe the remainder of i->addr[] in packet_mc_add(), > pdiag_put_mclist() leaks uninitialized heap bytes via the > PACKET_DIAG_MCLIST netlink attribute. > > Fix this by explicitly memset(0)ing the remaining bytes in i->addr[]. > > Fixes: eea68e2f1a00 ("packet: Report socket mclist info via diag module") > Signed-off-by: Mathias Krause <minipli@...glemail.com> > Cc: Eric W. Biederman <ebiederm@...ssion.com> > Cc: Pavel Emelyanov <xemul@...allels.com> Acked-by: Pavel Emelyanov <xemul@...tuozzo.com>
Powered by blists - more mailing lists