diff mbox

[CVE-2016-5244,Precise,Trusty,Vivid,Xenial] rds: fix an infoleak in rds_inc_info_copy

Message ID 1469012937-12144-1-git-send-email-luis.henriques@canonical.com
State New
Headers show

Commit Message

Luis Henriques July 20, 2016, 11:08 a.m. UTC 
From: Kangjie Lu <kangjielu@gmail.com>

The last field "flags" of object "minfo" is not initialized.
Copying this object out may leak kernel stack data.
Assign 0 to it to avoid leak.

Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 4116def2337991b39919f3b448326e21c40e0dbb)
CVE-2016-5244
BugLink: https://bugs.launchpad.net/bugs/1589041
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 net/rds/recv.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Tim Gardner July 20, 2016, 12:37 p.m. UTC | #1
Kamal Mostafa July 20, 2016, 4:08 p.m. UTC | #2
diff mbox

Patch

diff --git a/net/rds/recv.c b/net/rds/recv.c
index a00462b0d01d..0514af3ab378 100644
--- a/net/rds/recv.c
+++ b/net/rds/recv.c
@@ -545,5 +545,7 @@  void rds_inc_info_copy(struct rds_incoming *inc,
 		minfo.fport = inc->i_hdr.h_dport;
 	}
 
+	minfo.flags = 0;
+
 	rds_info_copy(iter, &minfo, sizeof(minfo));
 }