| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <bb4e4909b855151b9bf3f48dd47aa4cbe156b242.1468483951.git.jslaby@suse.cz> Date: Thu, 14 Jul 2016 10:16:08 +0200 From: Jiri Slaby <jslaby@...e.cz> To: stable@...r.kernel.org Cc: linux-kernel@...r.kernel.org, Kangjie Lu <kangjielu@...il.com>, Kangjie Lu <kjlu@...ech.edu>, "David S . Miller" <davem@...emloft.net>, Jiri Slaby <jslaby@...e.cz> Subject: [PATCH 3.12 76/88] rds: fix an infoleak in rds_inc_info_copy From: Kangjie Lu <kangjielu@...il.com> 3.12-stable review patch. If anyone has any objections, please let me know. =============== commit 4116def2337991b39919f3b448326e21c40e0dbb upstream. The last field "flags" of object "minfo" is not initialized. Copying this object out may leak kernel stack data. Assign 0 to it to avoid leak. Signed-off-by: Kangjie Lu <kjlu@...ech.edu> Acked-by: Santosh Shilimkar <santosh.shilimkar@...cle.com> Signed-off-by: David S. Miller <davem@...emloft.net> Signed-off-by: Jiri Slaby <jslaby@...e.cz> --- net/rds/recv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/rds/recv.c b/net/rds/recv.c index de339b24ca14..917f36af8d37 100644 --- a/net/rds/recv.c +++ b/net/rds/recv.c @@ -544,5 +544,7 @@ void rds_inc_info_copy(struct rds_incoming *inc, minfo.fport = inc->i_hdr.h_dport; } + minfo.flags = 0; + rds_info_copy(iter, &minfo, sizeof(minfo)); } -- 2.9.1
Powered by blists - more mailing lists