| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 09 Nov 2015 11:09:06 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: Loganaden Velvindron <logan@...ndsys.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next ] net: ipv4: memset addr before calling
copy_to_user()
Hello,
On Mon, Nov 9, 2015, at 07:52, Loganaden Velvindron wrote:
> zero addr before calling copy_to_user()
>
> Signed-off-by: Loganaden Velvindron <logan@...ndsys.com>
> ---
> net/ipv4/ip_sockglue.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
> index c3c359a..d7a5a8b 100644
> --- a/net/ipv4/ip_sockglue.c
> +++ b/net/ipv4/ip_sockglue.c
> @@ -1373,6 +1373,7 @@ static int do_ip_getsockopt(struct sock *sk, int
> level, int optname,
> case IP_MULTICAST_IF:
> {
> struct in_addr addr;
> + memset(&addr, 0, sizeof(addr));
> len = min_t(unsigned int, len, sizeof(struct in_addr));
> addr.s_addr = inet->mc_addr;
> release_sock(sk);
There is no possibility we leak any unwanted data to user space here.
If you are not sure if sizeof(addr) > sizeof(addr.s_addr) use a
designated initializer:
addr = { .s_addr = inet->mc_addr };
which clears all other non-initialized elements. But here we are very
certain.
We do not do defensive programming, we try to do logical things, and
only logical things.
— Eric Dumazet (Thanks to Dan Carpenter.)
Bye,
Hannes
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists