net: amend the fix for SO_BSDCOMPAT gsopt infoleak

Message ID 20090223164112.GA29425@kernel.sg
State Accepted, archived
Delegated to: David Miller

Commit Message

Eugene Teo Feb. 23, 2009, 4:41 p.m. UTC
The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
that the same problem of leaking kernel memory will reappear if someone
on some architecture uses struct timeval with some internal padding (for
example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
leak the padded bytes to userspace.

Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Reported-by: Mikulas Patocka <mpatocka@redhat.com>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
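
The padding case the commit message describes, reproduced in user space as an added example (not code from the patch or from the kernel). `struct padded_tv`, `union optval` and `fill_timeval_opt` are hypothetical names, and the 0xAA fill is a constructed stand-in for stale stack contents.

```c
/* Added illustration; the names here are hypothetical, not from net/core/sock.c. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout from the commit message: 64-bit tv_sec, 32-bit tv_usec. */
struct padded_tv {
    int64_t tv_sec;
    int32_t tv_usec;   /* usually followed by 4 bytes of tail padding */
};

/* Stand-in for the on-stack option value that is copied out to the caller. */
union optval {
    int val;
    struct padded_tv tm;
};

#define STALE 0xAA     /* constructed marker for leftover stack bytes */

/* Count bytes of the object that still hold the stale marker. */
static size_t stale_bytes(const union optval *v)
{
    const unsigned char *p = (const unsigned char *)v;
    size_t i, n = 0;
    for (i = 0; i < sizeof(*v); i++)
        n += (p[i] == STALE);
    return n;
}

/* Fill a timeval-style option; zero_all picks memset() over "v.val = 0". */
size_t fill_timeval_opt(int zero_all)
{
    union optval v;

    memset(&v, STALE, sizeof(v));   /* simulate an uninitialised stack slot */
    if (zero_all)
        memset(&v, 0, sizeof(v));   /* clears every byte, padding included */
    else
        v.val = 0;                  /* clears only the first sizeof(int) bytes */
    v.tm.tv_sec = 5;                /* constructed sample values */
    v.tm.tv_usec = 250000;
    return stale_bytes(&v);         /* bytes a full-size copy would expose */
}

int main(void)
{
    printf("sizeof(v)=%zu stale with v.val=0: %zu, with memset: %zu\n",
           sizeof(union optval), fill_timeval_opt(0), fill_timeval_opt(1));
    return 0;
}
```

On an ABI where `int64_t` is 8-byte aligned the first count is 4 (the tail padding); where the struct has no padding both counts are 0.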

Comments

David Miller Feb. 23, 2009, 11:38 p.m. UTC | #1
From: Eugene Teo <eugeneteo@kernel.sg>
Date: Tue, 24 Feb 2009 00:41:12 +0800

> The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
> that the same problem of leaking kernel memory will reappear if someone
> on some architecture uses struct timeval with some internal padding (for
> example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
> leak the padded bytes to userspace.
> 
> Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
> Reported-by: Mikulas Patocka <mpatocka@redhat.com>

Applied and queued up for -stable, thanks Eugene.

Patch

diff --git a/net/core/sock.c b/net/core/sock.c
index 6f2e133..913c95f 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -696,7 +696,7 @@  int sock_getsockopt(struct socket *sock, int level, int optname,
 	if (len < 0)
 		return -EINVAL;
 
-	v.val = 0;
+	memset(&v, 0, sizeof(v));
 
 	switch(optname) {
 	case SO_DEBUG:
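
Review bot: the added memset(&v, 0, sizeof(v)); line has no comment saying why all of v is cleared instead of a single member, so a later cleanup could reduce it back to "v.val = 0;" and bring the leak back. A one-line comment above it, noting that v is copied to userspace and that padding inside its larger members (the struct timeval case from the commit message) must not carry stale kernel memory, would keep the intent with the code.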