Patchwork [3.5.y.z,extended,stable] Patch "net_sched: info leak in atm_tc_dump_class()" has been added to staging queue

login
register
mail settings
Submitter Luis Henriques
Date Aug. 6, 2013, 9:36 a.m.
Message ID <1375781809-8214-1-git-send-email-luis.henriques@canonical.com>
Download mbox | patch
Permalink /patch/264945/
State New
Headers show

Comments

Luis Henriques - Aug. 6, 2013, 9:36 a.m.
This is a note to let you know that I have just added a patch titled

    net_sched: info leak in atm_tc_dump_class()

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

From 4d0d566d2de572f12b0ddcb1668305fa0680ccdf Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 30 Jul 2013 13:23:39 +0300
Subject: [PATCH] net_sched: info leak in atm_tc_dump_class()

commit 8cb3b9c3642c0263d48f31d525bcee7170eedc20 upstream.

The "pvc" struct has a hole after pvc.sap_family which is not cleared.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 net/sched/sch_atm.c | 1 +
 1 file changed, 1 insertion(+)

--
1.8.3.2

Patch

diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c
index ca8e0a5..1f9c314 100644
--- a/net/sched/sch_atm.c
+++ b/net/sched/sch_atm.c
@@ -605,6 +605,7 @@  static int atm_tc_dump_class(struct Qdisc *sch, unsigned long cl,
 		struct sockaddr_atmpvc pvc;
 		int state;

+		memset(&pvc, 0, sizeof(pvc));
 		pvc.sap_family = AF_ATMPVC;
 		pvc.sap_addr.itf = flow->vcc->dev ? flow->vcc->dev->number : -1;
 		pvc.sap_addr.vpi = flow->vcc->vpi;