Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO)

The CCID3 code fails to initialize the trailing padding bytes of struct
tfrc_tx_info added for alignment on 64 bit architectures. It that for
potentially leaks four bytes kernel stack via the getsockopt() syscall.
Add an explicit memset(0) before filling the structure to avoid the
info leak.

Signed-off-by: Mathias Krause <>
Cc: Gerrit Renker <>
Signed-off-by: David S. Miller <>
  • Loading branch information...
commit 7b07f8eb75aa3097cdfd4f6eac3da49db787381d 1 parent 276bdb8
@minipli minipli authored davem330 committed
Showing with 1 addition and 0 deletions.
  1. +1 −0  net/dccp/ccids/ccid3.c
1  net/dccp/ccids/ccid3.c
@@ -535,6 +535,7 @@ static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len,
if (len < sizeof(tfrc))
return -EINVAL;
+ memset(&tfrc, 0, sizeof(tfrc));
tfrc.tfrctx_x = hc->tx_x;
tfrc.tfrctx_x_recv = hc->tx_x_recv;
tfrc.tfrctx_x_calc = hc->tx_x_calc;
Please sign in to comment.
Something went wrong with that request. Please try again.