| Message ID | 1507026048-13734-1-git-send-email-nikolay@cumulusnetworks.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] net: rtnetlink: fix info leak in RTM_GETSTATS call | expand |
On Tue, Oct 3, 2017 at 3:20 AM, Nikolay Aleksandrov <nikolay@cumulusnetworks.com> wrote: > When RTM_GETSTATS was added the fields of its header struct were not all > initialized when returning the result thus leaking 4 bytes of information > to user-space per rtnl_fill_statsinfo call, so initialize them now. Thanks > to Alexander Potapenko for the detailed report and bisection. > > Reported-by: Alexander Potapenko <glider@google.com> > Fixes: 10c9ead9f3c6 ("rtnetlink: add new RTM_GETSTATS message to dump link stats") > Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com> Thanks Nikolay!.
From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Date: Tue, 3 Oct 2017 13:20:48 +0300 > When RTM_GETSTATS was added the fields of its header struct were not all > initialized when returning the result thus leaking 4 bytes of information > to user-space per rtnl_fill_statsinfo call, so initialize them now. Thanks > to Alexander Potapenko for the detailed report and bisection. > > Reported-by: Alexander Potapenko <glider@google.com> > Fixes: 10c9ead9f3c6 ("rtnetlink: add new RTM_GETSTATS message to dump link stats") > Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Applied and queued up for -stable, thanks.
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index a78fd61da0ec..d4bcdcc68e92 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -3854,6 +3854,9 @@ static int rtnl_fill_statsinfo(struct sk_buff *skb, struct net_device *dev, return -EMSGSIZE; ifsm = nlmsg_data(nlh); + ifsm->family = PF_UNSPEC; + ifsm->pad1 = 0; + ifsm->pad2 = 0; ifsm->ifindex = dev->ifindex; ifsm->filter_mask = filter_mask;
When RTM_GETSTATS was added the fields of its header struct were not all initialized when returning the result thus leaking 4 bytes of information to user-space per rtnl_fill_statsinfo call, so initialize them now. Thanks to Alexander Potapenko for the detailed report and bisection. Reported-by: Alexander Potapenko <glider@google.com> Fixes: 10c9ead9f3c6 ("rtnetlink: add new RTM_GETSTATS message to dump link stats") Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> --- net/core/rtnetlink.c | 3 +++ 1 file changed, 3 insertions(+)