From patchwork Wed Aug 15 21:31:56 2012
X-Patchwork-Submitter: Mathias Krause
X-Patchwork-Id: 177841
X-Patchwork-Delegate: davem@davemloft.net
From: Mathias Krause
To: "David S. Miller"
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Mathias Krause, Wensong Zhang, Simon Horman, Julian Anastasov
Subject: [PATCH 13/14] ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
Date: Wed, 15 Aug 2012 23:31:56 +0200
Message-Id: <1345066317-22512-14-git-send-email-minipli@googlemail.com>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1345066317-22512-1-git-send-email-minipli@googlemail.com>
References: <1345066317-22512-1-git-send-email-minipli@googlemail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is not set, __ip_vs_get_timeouts() does not fully initialize the structure that gets copied to userland and therefore leaks up to 12 bytes of kernel stack.

Add an explicit memset(0) before passing the structure to __ip_vs_get_timeouts() to avoid the info leak.

Signed-off-by: Mathias Krause
Cc: Wensong Zhang
Cc: Simon Horman
Cc: Julian Anastasov
--- net/netfilter/ipvs/ip_vs_ctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 84444dd..72bf32a 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -2759,6 +2759,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) { struct ip_vs_timeout_user t; + memset(&t, 0, sizeof(t)); __ip_vs_get_timeouts(net, &t); if (copy_to_user(user, &t, sizeof(t)) != 0) ret = -EFAULT;
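
Review bot: The added memset(&t, 0, sizeof(t)) in do_ip_vs_get_ctl() closes the leak at this call site only, while the commit message places the cause in __ip_vs_get_timeouts() leaving fields unset when CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is off. Consider zeroing the structure at the top of __ip_vs_get_timeouts() instead, or having it write 0 to the fields of the disabled protocols, so that any other caller that exports struct ip_vs_timeout_user gets the same guarantee. If the call-site memset stays, a one-line comment saying why it is needed before copy_to_user() would keep it from being dropped later as redundant.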