Commit 4a18423

minipli authored and davem330 committed
rose: fix info leak via msg_name in rose_recvmsg()

The code in rose_recvmsg() does not initialize all of the members of struct sockaddr_rose/full_sockaddr_rose when filling the sockaddr info. Nor does it initialize the padding bytes of the structure inserted by the compiler for alignment. This will lead to leaking uninitialized kernel stack bytes in net/socket.c.

Fix the issue by initializing the memory used for sockaddr info with memset(0).

Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 parent d26d650 commit 4a18423

1 file changed: +1 -0 lines changed

Diff for: net/rose/af_rose.c

@@ -1253,6 +1253,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
12531253
skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
12541254

12551255
if (srose != NULL) {
1256+
memset(srose, 0, msg->msg_namelen);
12561257
srose->srose_family = AF_ROSE;
12571258
srose->srose_addr = rose->dest_addr;
12581259
srose->srose_call = rose->dest_call;
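
Review bot: the memset added at new line 1256 takes its length from msg->msg_namelen rather than from the size of the structure being filled in below it, and nothing in this hunk shows that msg_namelen is bounded by the buffer behind srose. If msg_namelen can be smaller than the structure, the tail members and padding stay uninitialized and the leak described in the commit message remains; if it can be larger than the buffer, the memset writes past it. Consider clearing a length tied to the structure, for example sizeof(struct full_sockaddr_rose), or stating in a short comment where msg_namelen is guaranteed to match the buffer size. It would also help to confirm that msg_namelen is set to the number of bytes actually filled in before returning, since that part of the function is outside the visible context.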
