[2/2] net: ax25: fix information leak to userland harder

Message ID	1296496755-16815-3-git-send-email-apw@canonical.com
State	Accepted
Commit	b3a0461263b9fbe717d064aed4c108f745d3b497
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Andy Whitcroft <apw@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/2] net: ax25: fix information leak to userland harder Date: Mon, 31 Jan 2011 17:59:15 +0000 Message-Id: <1296496755-16815-3-git-send-email-apw@canonical.com> In-Reply-To: <1296496755-16815-1-git-send-email-apw@canonical.com> References: <1296496755-16815-1-git-send-email-apw@canonical.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com

Message ID

1296496755-16815-3-git-send-email-apw@canonical.com

State

Accepted

Commit

b3a0461263b9fbe717d064aed4c108f745d3b497

Headers

From: Andy Whitcroft <apw@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/2] net: ax25: fix information leak to userland harder
Date: Mon, 31 Jan 2011 17:59:15 +0000
Message-Id: <1296496755-16815-3-git-send-email-apw@canonical.com>
In-Reply-To: <1296496755-16815-1-git-send-email-apw@canonical.com>
References: <1296496755-16815-1-git-send-email-apw@canonical.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: kernel-team-bounces@lists.ubuntu.com
Errors-To: kernel-team-bounces@lists.ubuntu.com

Commit Message

Andy Whitcroft Jan. 31, 2011, 5:59 p.m. UTC

From: Kees Cook <kees.cook@canonical.com>

Commit fe10ae53384e48c51996941b7720ee16995cbcb7 adds a memset() to clear
the structure being sent back to userspace, but accidentally used the
wrong size.

Reported-by: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>

CVE-2010-3875
BugLink: http://bugs.launchpad.net/bugs/710714
(cherry picked from commit 5b919f833d9d60588d026ad82d17f17e8872c7a9 upstream)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 net/ax25/af_ax25.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 6e2371a..763fd0b 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1392,7 +1392,7 @@  static int ax25_getname(struct socket *sock, struct sockaddr *uaddr,
 	ax25_cb *ax25;
 	int err = 0;
 
-	memset(fsa, 0, sizeof(fsa));
+	memset(fsa, 0, sizeof(*fsa));
 	lock_sock(sk);
 	ax25 = ax25_sk(sk);

[2/2] net: ax25: fix information leak to userland harder

Commit Message

Patch