Skip to content

Commit 43da5f2

Browse files
miniplidavem330
authored andcommitted
net: fix info leak in compat dev_ifconf()
The implementation of dev_ifconf() for the compat ioctl interface uses an intermediate ifc structure allocated in userland for the duration of the syscall. Though, it fails to initialize the padding bytes inserted for alignment and that for leaks four bytes of kernel stack. Add an explicit memset(0) before filling the structure to avoid the info leak. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 2d8a041 commit 43da5f2

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

Diff for: net/socket.c

+1
Original file line numberDiff line numberDiff line change
@@ -2657,6 +2657,7 @@ static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
26572657
if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
26582658
return -EFAULT;
26592659

2660+
memset(&ifc, 0, sizeof(ifc));
26602661
if (ifc32.ifcbuf == 0) {
26612662
ifc32.ifc_len = 0;
26622663
ifc.ifc_len = 0;

0 commit comments

Comments
 (0)