| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Mar 2022 08:18:55 +0000
From: cgel.zte@...il.com
To: vyasevich@...il.com
Cc: nhorman@...driver.com, marcelo.leitner@...il.com,
davem@...emloft.net, kuba@...nel.org, linux-sctp@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Minghao Chi <chi.minghao@....com.cn>,
Zeal Robot <zealci@....com.cn>
Subject: [PATCH] net/sctp: use memset avoid infoleaks
From: Minghao Chi (CGEL ZTE) <chi.minghao@....com.cn>
Use memset to initialize structs to preventing infoleaks
in sctp_auth_chunk_verify
Reported-by: Zeal Robot <zealci@....com.cn>
Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@....com.cn>
---
net/sctp/sm_statefuns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index cc544a97c4af..7ff16d12e0c5 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -652,6 +652,7 @@ static bool sctp_auth_chunk_verify(struct net *net, struct sctp_chunk *chunk,
return false;
/* set-up our fake chunk so that we can process it */
+ memset(&auth, 0x0, sizeof(auth));
auth.skb = chunk->auth_chunk;
auth.asoc = chunk->asoc;
auth.sctp_hdr = chunk->sctp_hdr;
--
2.25.1
Powered by blists - more mailing lists