Skip to content

Commit

Permalink
net: fix info leak in compat dev_ifconf()
Browse files Browse the repository at this point in the history 
The implementation of dev_ifconf() for the compat ioctl interface uses
an intermediate ifc structure allocated in userland for the duration of
the syscall. Though, it fails to initialize the padding bytes inserted
for alignment and that for leaks four bytes of kernel stack. Add an
explicit memset(0) before filling the structure to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
@minipli @davem330
minipli authored and davem330 committed Aug 16, 2012
1 parent 2d8a041 commit 43da5f2
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/socket.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2657,6 +2657,7 @@ static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
return -EFAULT;

memset(&ifc, 0, sizeof(ifc));
if (ifc32.ifcbuf == 0) {
ifc32.ifc_len = 0;
ifc.ifc_len = 0;
Expand Down

0 comments on commit 43da5f2

Please sign in to comment.