Message ID | 20130423062414.GC15893@elgon.mountain |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Am 23.04.2013 08:24, schrieb Dan Carpenter: > The "maddr->family" variable was not set but instead it leaked stack > information to userspace. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c > index 8b07f83..a838864 100644 > --- a/drivers/isdn/mISDN/socket.c > +++ b/drivers/isdn/mISDN/socket.c > @@ -578,6 +578,7 @@ data_sock_getname(struct socket *sock, struct sockaddr *addr, > lock_sock(sk); > > *addr_len = sizeof(*maddr); > + maddr->family = AF_ISDN; > maddr->dev = _pms(sk)->dev->id; > maddr->channel = _pms(sk)->ch.nr; > maddr->sapi = _pms(sk)->ch.addr & 0xff; just nitpicking ... net/nfc/llcp/sock.c has a memset(..0,..) for the struct. Is this an options here also ? (just to make sure everything is 0 in the beginning) re, wh -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Apr 23, 2013 at 09:40:07AM +0200, walter harms wrote: > > > Am 23.04.2013 08:24, schrieb Dan Carpenter: > > The "maddr->family" variable was not set but instead it leaked stack > > information to userspace. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c > > index 8b07f83..a838864 100644 > > --- a/drivers/isdn/mISDN/socket.c > > +++ b/drivers/isdn/mISDN/socket.c > > @@ -578,6 +578,7 @@ data_sock_getname(struct socket *sock, struct sockaddr *addr, > > lock_sock(sk); > > > > *addr_len = sizeof(*maddr); > > + maddr->family = AF_ISDN; > > maddr->dev = _pms(sk)->dev->id; > > maddr->channel = _pms(sk)->ch.nr; > > maddr->sapi = _pms(sk)->ch.addr & 0xff; > > just nitpicking ... > net/nfc/llcp/sock.c has a memset(..0,..) for the struct. Is this > an options here also ? > (just to make sure everything is 0 in the beginning) In net/nfc/llcp/sock.c the struct has a hole after ->sa_family so the memset() isn't optional. These ->getname() patches were from manually auditing all the ->getname() functions. I've tried to follow the local style in my patches. Quite a few of these use __packed structs to avoid holes and the need for the memset(). regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Dan Carpenter <dan.carpenter@oracle.com> Date: Tue, 23 Apr 2013 09:24:14 +0300 > The "maddr->family" variable was not set but instead it leaked stack > information to userspace. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c index 8b07f83..a838864 100644 --- a/drivers/isdn/mISDN/socket.c +++ b/drivers/isdn/mISDN/socket.c @@ -578,6 +578,7 @@ data_sock_getname(struct socket *sock, struct sockaddr *addr, lock_sock(sk); *addr_len = sizeof(*maddr); + maddr->family = AF_ISDN; maddr->dev = _pms(sk)->dev->id; maddr->channel = _pms(sk)->ch.nr; maddr->sapi = _pms(sk)->ch.addr & 0xff;
The "maddr->family" variable was not set but instead it leaked stack information to userspace. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html