Message ID | 20090223164112.GA29425@kernel.sg |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
From: Eugene Teo <eugeneteo@kernel.sg>
Date: Tue, 24 Feb 2009 00:41:12 +0800

> The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
> that the same problem of leaking kernel memory will reappear if someone
> on some architecture uses struct timeval with some internal padding (for
> example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
> leak the padded bytes to userspace.
>
> Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
> Reported-by: Mikulas Patocka <mpatocka@redhat.com>

Applied and queued up for -stable, thanks Eugene.
diff --git a/net/core/sock.c b/net/core/sock.c index 6f2e133..913c95f 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -696,7 +696,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len < 0) return -EINVAL; - v.val = 0; + memset(&v, 0, sizeof(v)); switch(optname) { case SO_DEBUG:
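Review bot: the new `memset(&v, 0, sizeof(v));` line has no comment saying why all of `v` is cleared instead of only `v.val`, so a later cleanup could plausibly shrink it back to the single-member assignment. A one-line comment above it, stating that `v` is copied out to userspace and that members with internal padding (the struct timeval case named in the commit message) must not carry stale stack bytes, would keep the reason next to the code. The placement before `switch(optname)` is right, since it covers every case with one initialisation.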
The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note that the same problem of leaking kernel memory will reappear if someone on some architecture uses struct timeval with some internal padding (for example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to leak the padded bytes to userspace.

Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
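The padding case the commit message describes, as an added user-space C example (demonstration code, not the kernel's): `padded_timeval`, `optval`, `STALE` and the two helper functions are hypothetical names, and the final `memcpy` stands in for the copy to userspace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout from the commit message: 64-bit tv_sec, 32-bit tv_usec. */
struct padded_timeval {
    int64_t tv_sec;
    int32_t tv_usec;   /* tail padding follows where int64_t is 8-byte aligned */
};

/* Hypothetical stand-in for the handler's local `v`. */
union optval { int val; struct padded_timeval tm; };

#define STALE 0xAA     /* constructed marker for leftover stack contents */
/* Bytes of the struct that belong to no member. */
static size_t padding_bytes(void)
{
    return sizeof(struct padded_timeval) - sizeof(int64_t) - sizeof(int32_t);
}

/* Build a timeval reply in `v`; count stale bytes a sizeof(v.tm) copy-out exposes. */
static size_t stale_bytes_copied(int clear_whole_union)
{
    union optval v;
    unsigned char *p = (unsigned char *)&v, out[sizeof(v.tm)];
    const int64_t sec = 5;
    const int32_t usec = 250000;
    size_t i, n = 0;
    memset(&v, STALE, sizeof(v));        /* simulate an uninitialised local */
    if (clear_whole_union)
        memset(&v, 0, sizeof(v));        /* the patched initialisation */
    else
        memset(&v, 0, sizeof(v.val));    /* byte-wise equivalent of v.val = 0 */
    /* Store each member's bytes only, so the padding is provably untouched. */
    memcpy(p + offsetof(struct padded_timeval, tv_sec), &sec, sizeof(sec));
    memcpy(p + offsetof(struct padded_timeval, tv_usec), &usec, sizeof(usec));
    memcpy(out, &v, sizeof(out));        /* stand-in for the copy to userspace */
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding=%zu old=%zu new=%zu\n", padding_bytes(),
           stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```

Where `int64_t` is 8-byte aligned (x86-64, for instance), the struct has 4 bytes of tail padding, so clearing only `val` leaves 4 stale bytes in the copy and clearing the whole union leaves none.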