2.6.27-stable review patch. If anyone has any objections, please let us know. ------------------ From: Eric Dumazet commit e84b90ae5eb3c112d1f208964df1d8156a538289 upstream. raw_getname() can leak 10 bytes of kernel memory to user (two bytes hole between can_family and can_ifindex, 8 bytes at the end of sockaddr_can structure) Signed-off-by: Eric Dumazet Acked-by: Oliver Hartkopp Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/can/raw.c | 1 + 1 file changed, 1 insertion(+) --- a/net/can/raw.c +++ b/net/can/raw.c @@ -396,6 +396,7 @@ static int raw_getname(struct socket *so if (peer) return -EOPNOTSUPP; + memset(addr, 0, sizeof(*addr)); addr->can_family = AF_CAN; addr->can_ifindex = ro->ifindex; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/