lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 13 Oct 2016 11:45:28 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     "David S. Miller" <davem@...emloft.net>,
        Moshe Shemesh <moshe@...lanox.com>
Cc:     Roopa Prabhu <roopa@...ulusnetworks.com>,
        Nicolas Dichtel <nicolas.dichtel@...nd.com>,
        Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Hannes Frederic Sowa <hannes@...essinduktion.org>,
        Nogah Frankel <nogahf@...lanox.com>,
        Brenden Blanco <bblanco@...mgrid.com>, netdev@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: [patch -next] net: rtnl: info leak in rtnl_fill_vfinfo()

The "vf_vlan_info" struct ends with a 2 byte struct hole so we have to
memset it to ensure that no stack information is revealed to user space.

Fixes: 79aab093a0b5 ('net: Update API for VF vlan protocol 802.1ad support')
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index b06d2f4..fb7348f 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1144,6 +1144,8 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
 	if (dev->netdev_ops->ndo_get_vf_config(dev, vfs_num, &ivi))
 		return 0;
 
+	memset(&vf_vlan_info, 0, sizeof(vf_vlan_info));
+
 	vf_mac.vf =
 		vf_vlan.vf =
 		vf_vlan_info.vf =

Powered by blists - more mailing lists