net: fix infoleak in llc · tjh.dev/kernel@b8670c0

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

net: fix infoleak in llc

The stack object “info” has a total size of 12 bytes. Its last byte
is padding which is not initialized and leaked via “put_cmsg”.

Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Kangjie Lu and committed by

David S. Miller 10 years ago b8670c09 1c021bb7

1 changed file

expand all

net

llc

af_llc.c

net/llc/af_llc.c

··· 626 626 if (llc->cmsg_flags & LLC_CMSG_PKTINFO) { 627 627 struct llc_pktinfo info; 628 628 629 + memset(&info, 0, sizeof(info)); 629 630 info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex; 630 631 llc_pdu_decode_dsap(skb, &info.lpi_sap); 631 632 llc_pdu_decode_da(skb, info.lpi_mac);