{"id":806127,"url":"http://patchwork.ozlabs.org/api/1.2/patches/806127/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1503760140-9095-5-git-send-email-minipli@googlemail.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.2/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1503760140-9095-5-git-send-email-minipli@googlemail.com>","list_archive_url":null,"date":"2017-08-26T15:09:00","name":"[net,4/4] xfrm_user: fix info leak in build_aevent()","commit_ref":null,"pull_url":null,"state":"awaiting-upstream","archived":true,"hash":"ce575bc1b9d6d118e4c5154517c77ff8d3722474","submitter":{"id":6743,"url":"http://patchwork.ozlabs.org/api/1.2/people/6743/?format=json","name":"Mathias Krause","email":"minipli@googlemail.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/1.2/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1503760140-9095-5-git-send-email-minipli@googlemail.com/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/806127/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/806127/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlemail.com header.i=@googlemail.com\n\theader.b=\"GXc1+Mqa\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xfhKB0c4Gz9t5X\n\tfor ;\n\tSun, 27 Aug 2017 01:09:50 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751177AbdHZPJm (ORCPT );\n\tSat, 26 Aug 2017 11:09:42 -0400","from mail-wr0-f194.google.com ([209.85.128.194]:38389 \"EHLO\n\tmail-wr0-f194.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751063AbdHZPJb (ORCPT\n\t); Sat, 26 Aug 2017 11:09:31 -0400","by mail-wr0-f194.google.com with SMTP id o76so1498626wrb.5\n\tfor ; Sat, 26 Aug 2017 08:09:31 -0700 (PDT)","from jig.fritz.box (ip-90-186-2-57.web.vodafone.de. [90.186.2.57])\n\tby smtp.gmail.com with ESMTPSA id\n\tj15sm7126308wmg.14.2017.08.26.08.09.29\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tSat, 26 Aug 2017 08:09:30 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlemail.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=cLQ9JL76BsR6i0jLkBE/srZ5e+fj9w1AR5xtZCT9LjU=;\n\tb=GXc1+Mqasevv/DtPjNLrYi4TFFhLzXG7LFNeQ28I/CAxnHf7u/2qky7Wdfetk6bQzo\n\tfYf7y8dZOEf9dTB21e/2QdDeecIy5BJ6WyheAfljD7GsbfBKhiruABX6Gla8aoR5TDzn\n\t6JyQLkgO+HVRpSus7x6dg1/XZXn8tT0uBaLV/DkV77gO8suCtiG3wgv8oUQcAyGbyiyO\n\tl61Jm7F4ayaGQq7rLnHVFVjLQr3A2Nc9sZbB7bBLOWj/pMSopnZ1WZzX37lymsnG543L\n\tZ+imwZsjUtdeTT6KBLYLmuUOB1SvuxB+v4LGV8JOLYNuRP44TUanJrPRHM+hlYcE97N+\n\tYXDA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=cLQ9JL76BsR6i0jLkBE/srZ5e+fj9w1AR5xtZCT9LjU=;\n\tb=PLZeauA32RaiHvWJBwsqccwOtMlIvfEndlnFjtJGt+amYFfbOHfQWACmJGH2TvKjFJ\n\tf5PvuqMHUjlmbCaywRrsUTyNLa+sJ7n2hepyWZEpje2tSOx2LQda6vddbEoD3JG4ZYTn\n\tNY6GwEukL1gHTEsUdzc+ZD+b16JzsKLVkbaHOUMT3R+jNQT77wQ7Db9iRV24c9mTsCQm\n\tVEuZcIsG2XKnZGKcsv2UZfFA6+6mD0ihgtCm5sV3KbPoPDVHwPwtuJO2/e7Q1EOJdGce\n\t2xh2izvM9z7wkugpvhaONYcDw/ah2iQV82S4in+/amfAeUQqJgaGUwLZybBx/yqUGS5P\n\tR8hw==","X-Gm-Message-State":"AHYfb5hL3OVSar+KLSKlWFn9M7lt6k3Le9xsNdwXNbmW52rPt3YqKfvX\n\tvxpvpA7ynrvG+g==","X-Received":"by 10.223.136.151 with SMTP id f23mr1188069wrf.193.1503760170725;\n\tSat, 26 Aug 2017 08:09:30 -0700 (PDT)","From":"Mathias Krause ","To":"Steffen Klassert ,\n\t\"David S. Miller\" ,\n\tHerbert Xu ","Cc":"netdev@vger.kernel.org, Mathias Krause ,\n\tJamal Hadi Salim ","Subject":"[PATCH net 4/4] xfrm_user: fix info leak in build_aevent()","Date":"Sat, 26 Aug 2017 17:09:00 +0200","Message-Id":"<1503760140-9095-5-git-send-email-minipli@googlemail.com>","X-Mailer":"git-send-email 1.7.10.4","In-Reply-To":"<1503760140-9095-1-git-send-email-minipli@googlemail.com>","References":"<1503760140-9095-1-git-send-email-minipli@googlemail.com>","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"},"content":"The memory reserved to dump the ID of the xfrm state includes a padding\nbyte in struct xfrm_usersa_id added by the compiler for alignment. To\nprevent the heap info leak, memset(0) the sa_id before filling it.\n\nCc: Jamal Hadi Salim \nFixes: d51d081d6504 (\"[IPSEC]: Sync series - user\")\nSigned-off-by: Mathias Krause \n---\n net/xfrm/xfrm_user.c | 1 +\n 1 file changed, 1 insertion(+)","diff":"diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c\nindex 2cbdc81610c6..9391ced05259 100644\n--- a/net/xfrm/xfrm_user.c\n+++ b/net/xfrm/xfrm_user.c\n@@ -1869,6 +1869,7 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct\n \t\treturn -EMSGSIZE;\n \n \tid = nlmsg_data(nlh);\n+\tmemset(&id->sa_id, 0, sizeof(id->sa_id));\n \tmemcpy(&id->sa_id.daddr, &x->id.daddr, sizeof(x->id.daddr));\n \tid->sa_id.spi = x->id.spi;\n \tid->sa_id.family = x->props.family;\n","prefixes":["net","4/4"]}