lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Sep 2012 13:13:57 -0700 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, alan@...rguk.ukuu.org.uk, Mathias Krause <minipli@...glemail.com>, Wensong Zhang <wensong@...ux-vs.org>, Simon Horman <horms@...ge.net.au>, Julian Anastasov <ja@....bg>, "David S. Miller" <davem@...emloft.net> Subject: [ 020/218] ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT) 3.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mathias Krause <minipli@...glemail.com> [ Upstream commit 2d8a041b7bfe1097af21441cb77d6af95f4f4680 ] If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is not set, __ip_vs_get_timeouts() does not fully initialize the structure that gets copied to userland and that for leaks up to 12 bytes of kernel stack. Add an explicit memset(0) before passing the structure to __ip_vs_get_timeouts() to avoid the info leak. Signed-off-by: Mathias Krause <minipli@...glemail.com> Cc: Wensong Zhang <wensong@...ux-vs.org> Cc: Simon Horman <horms@...ge.net.au> Cc: Julian Anastasov <ja@....bg> Signed-off-by: David S. Miller <davem@...emloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- net/netfilter/ipvs/ip_vs_ctl.c | 1 + 1 file changed, 1 insertion(+) --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -2713,6 +2713,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cm { struct ip_vs_timeout_user t; + memset(&t, 0, sizeof(t)); __ip_vs_get_timeouts(net, &t); if (copy_to_user(user, &t, sizeof(t)) != 0) ret = -EFAULT; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists