| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DB9PR05MB907813B07EE477FF7F45DC3188B89@DB9PR05MB9078.eurprd05.prod.outlook.com>
Date: Tue, 28 Jun 2022 10:28:25 +0000
From: Tung Quang Nguyen <tung.q.nguyen@...tech.com.au>
To: Hangyu Hua <hbh25y@...il.com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"tipc-discussion@...ts.sourceforge.net"
<tipc-discussion@...ts.sourceforge.net>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"jmaloy@...hat.com" <jmaloy@...hat.com>,
"ying.xue@...driver.com" <ying.xue@...driver.com>,
"davem@...emloft.net" <davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>
Subject: RE: [PATCH v2] net: tipc: fix possible infoleak in tipc_mon_rcv()
> -----Original Message-----
> From: Hangyu Hua <hbh25y@...il.com>
> Sent: Tuesday, June 28, 2022 3:31 PM
> To: jmaloy@...hat.com; ying.xue@...driver.com; davem@...emloft.net; edumazet@...gle.com; kuba@...nel.org;
> pabeni@...hat.com; Tung Quang Nguyen <tung.q.nguyen@...tech.com.au>
> Cc: netdev@...r.kernel.org; tipc-discussion@...ts.sourceforge.net; linux-kernel@...r.kernel.org; Hangyu Hua <hbh25y@...il.com>
> Subject: [PATCH v2] net: tipc: fix possible infoleak in tipc_mon_rcv()
>
> dom_bef is use to cache current domain record only if current domain
> exists. But when current domain does not exist, dom_bef will still be used
> in mon_identify_lost_members. This may lead to an information leak.
>
> Fix this by adding a memset before using dom_bef.
>
> Fixes: 35c55c9877f8 ("tipc: add neighbor monitoring framework")
> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
> ---
>
> v2: remove redundant 'dom_bef.member_cnt = 0;'
>
> net/tipc/monitor.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
> index 2f4d23238a7e..03b5d0b65169 100644
> --- a/net/tipc/monitor.c
> +++ b/net/tipc/monitor.c
> @@ -534,7 +534,7 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr,
> state->peer_gen = new_gen;
>
> /* Cache current domain record for later use */
> - dom_bef.member_cnt = 0;
> + memset(&dom_bef, 0, sizeof(dom_bef));
> dom = peer->domain;
> if (dom)
> memcpy(&dom_bef, dom, dom->len);
> --
> 2.25.1
Reviewed-by: Tung Nguyen <tung.q.nguyen@...tech.com.au>
Powered by blists - more mailing lists