From patchwork Fri May 24 17:38:02 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kamal Mostafa X-Patchwork-Id: 246260 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 45D9B2C0098 for ; Sat, 25 May 2013 03:39:08 +1000 (EST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1UfvxG-0000JQ-4t; Fri, 24 May 2013 17:39:02 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1UfvwL-0008Gj-CG for kernel-team@lists.ubuntu.com; Fri, 24 May 2013 17:38:05 +0000 Received: from c-67-160-231-42.hsd1.ca.comcast.net ([67.160.231.42] helo=fourier) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1UfvwL-0003Wo-67; Fri, 24 May 2013 17:38:05 +0000 Received: from kamal by fourier with local (Exim 4.80) (envelope-from ) id 1UfvwI-0002RH-TP; Fri, 24 May 2013 10:38:02 -0700 From: Kamal Mostafa To: Amerigo Wang Subject: [ 3.8.y.z extended stable ] Patch "ipv6, gre: do not leak info to user-space" has been added to staging queue Date: Fri, 24 May 2013 10:38:02 -0700 Message-Id: <1369417082-9344-1-git-send-email-kamal@canonical.com> X-Mailer: git-send-email 1.8.1.2 X-Extended-Stable: 3.8 Cc: Kamal Mostafa , "David S. Miller" , kernel-team@lists.ubuntu.com X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com This is a note to let you know that I have just added a patch titled ipv6,gre: do not leak info to user-space to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.8.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal ------ From 7d0652d41236018756a7818fbd8f1f746aa0b1d6 Mon Sep 17 00:00:00 2001 From: Amerigo Wang Date: Thu, 9 May 2013 21:56:37 +0000 Subject: ipv6,gre: do not leak info to user-space [ Upstream commit 5dbd5068430b8bd1c19387d46d6c1a88b261257f ] There is a hole in struct ip6_tnl_parm2, so we have to zero the struct on stack before copying it to user-space. Cc: David S. Miller Signed-off-by: Cong Wang Signed-off-by: David S. Miller Signed-off-by: Kamal Mostafa --- net/ipv6/ip6_gre.c | 2 ++ 1 file changed, 2 insertions(+) -- 1.8.1.2 diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index 131dd09..a4c5ae7 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -1137,6 +1137,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, } if (t == NULL) t = netdev_priv(dev); + memset(&p, 0, sizeof(p)); ip6gre_tnl_parm_to_user(&p, &t->parms); if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) err = -EFAULT; @@ -1184,6 +1185,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, if (t) { err = 0; + memset(&p, 0, sizeof(p)); ip6gre_tnl_parm_to_user(&p, &t->parms); if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) err = -EFAULT;