Skip to content

Commit

Permalink
net: fix infoleak in llc
Browse files Browse the repository at this point in the history
The stack object “info” has a total size of 12 bytes. Its last byte
is padding which is not initialized and leaked via “put_cmsg”.

Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
kengiter authored and davem330 committed May 4, 2016
1 parent 1c021bb commit b8670c0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/llc/af_llc.c
Original file line number Diff line number Diff line change
Expand Up @@ -626,6 +626,7 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
struct llc_pktinfo info;

memset(&info, 0, sizeof(info));
info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
llc_pdu_decode_dsap(skb, &info.lpi_sap);
llc_pdu_decode_da(skb, info.lpi_mac);
Expand Down

0 comments on commit b8670c0

Please sign in to comment.