| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Feb 2023 09:50:18 -0800
From: Hyunwoo Kim <v4bel@...ori.io>
To: steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com
Cc: v4bel@...ori.io, imv4bel@...il.com, netdev@...r.kernel.org
Subject: [PATCH] af_key: Fix heap information leak
Since x->calg etc. are allocated with kmalloc, information
in kernel heap can be leaked using netlink socket on
systems without CONFIG_INIT_ON_ALLOC_DEFAULT_ON.
Signed-off-by: Hyunwoo Kim <v4bel@...ori.io>
---
net/key/af_key.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 2bdbcec781cd..9a7adcaf6aa3 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1174,7 +1174,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
}
if (key)
keysize = (key->sadb_key_bits + 7) / 8;
- x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
+ x->aalg = kzalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
if (!x->aalg) {
err = -ENOMEM;
goto out;
@@ -1196,7 +1196,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
err = -ENOSYS;
goto out;
}
- x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
+ x->calg = kzalloc(sizeof(*x->calg), GFP_KERNEL);
if (!x->calg) {
err = -ENOMEM;
goto out;
@@ -1213,7 +1213,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
if (key)
keysize = (key->sadb_key_bits + 7) / 8;
- x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
+ x->ealg = kzalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
if (!x->ealg) {
err = -ENOMEM;
goto out;
@@ -1261,7 +1261,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
const struct sadb_x_nat_t_type* n_type;
struct xfrm_encap_tmpl *natt;
- x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
+ x->encap = kzalloc(sizeof(*x->encap), GFP_KERNEL);
if (!x->encap) {
err = -ENOMEM;
goto out;
--
2.25.1
Powered by blists - more mailing lists