[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7486c356.aa32.15da8660616.Coremail.sohu0106@126.com>
Date: Thu, 3 Aug 2017 22:00:44 +0800 (CST)
From: sohu0106 <sohu0106@....com>
To: netdev@...r.kernel.org
Subject: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak
Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct. This structure is then copied to
userland. It leads to leaking of contents of kernel stack memory.
2 net/irda/af_irda.c
@@ -2248,6 +2248,8 @@ static int irda_getsockopt(struct socket *sock, int level, int optname,
err = -EINVAL;
goto out;
}
+
+ memset( &list, 0, sizeof(struct irda_device_list) );
/* Ask lmp for the current discovery log */
discoveries = irlmp_get_discoveries(&list.len, self->mask.word,
Powered by blists - more mailing lists