{"id":807029,"url":"http://patchwork.ozlabs.org/api/patches/807029/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1504002694-1931-8-git-send-email-steffen.klassert@secunet.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1504002694-1931-8-git-send-email-steffen.klassert@secunet.com>","list_archive_url":null,"date":"2017-08-29T10:31:34","name":"[7/7] xfrm_user: fix info leak in build_aevent()","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"ce575bc1b9d6d118e4c5154517c77ff8d3722474","submitter":{"id":1442,"url":"http://patchwork.ozlabs.org/api/people/1442/?format=json","name":"Steffen Klassert","email":"steffen.klassert@secunet.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1504002694-1931-8-git-send-email-steffen.klassert@secunet.com/mbox/","series":[{"id":343,"url":"http://patchwork.ozlabs.org/api/series/343/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=343","date":"2017-08-29T10:31:28","name":"[1/7] net: xfrm: don't double-hold dst when sk_policy in 
use.","version":1,"mbox":"http://patchwork.ozlabs.org/series/343/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/807029/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/807029/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xhQDq4Sl7z9s71\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 29 Aug 2017 20:42:01 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752272AbdH2Kbq (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 29 Aug 2017 06:31:46 -0400","from a.mx.secunet.com ([62.96.220.36]:50686 \"EHLO a.mx.secunet.com\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1751238AbdH2Kbp (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tTue, 29 Aug 2017 06:31:45 -0400","from localhost (localhost [127.0.0.1])\n\tby a.mx.secunet.com (Postfix) with ESMTP id 72B9420184;\n\tTue, 29 Aug 2017 12:31:44 +0200 (CEST)","from a.mx.secunet.com ([127.0.0.1])\n\tby localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id ZUZXYYxqMsp9; Tue, 29 Aug 2017 12:31:43 +0200 (CEST)","from mail-essen-01.secunet.de (mail-essen-01.secunet.de\n\t[10.53.40.204])\n\t(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby a.mx.secunet.com (Postfix) with ESMTPS id 3901C2018E;\n\tTue, 29 Aug 2017 12:31:42 +0200 (CEST)","from gauss2.secunet.de (10.182.7.193) by mail-essen-01.secunet.de\n\t(10.53.40.204) with Microsoft SMTP Server id 14.3.361.1;\n\tTue, 29 Aug 2017 12:31:41 +0200","by 
gauss2.secunet.de (Postfix, from userid 1000) id 973BF140583;\n\tTue, 29 Aug 2017 12:31:41 +0200 (CEST)"],"X-Virus-Scanned":"by secunet","From":"Steffen Klassert <steffen.klassert@secunet.com>","To":"David Miller <davem@davemloft.net>","CC":"Herbert Xu <herbert@gondor.apana.org.au>,\n\tSteffen Klassert <steffen.klassert@secunet.com>, <netdev@vger.kernel.org>","Subject":"[PATCH 7/7] xfrm_user: fix info leak in build_aevent()","Date":"Tue, 29 Aug 2017 12:31:34 +0200","Message-ID":"<1504002694-1931-8-git-send-email-steffen.klassert@secunet.com>","X-Mailer":"git-send-email 2.7.4","In-Reply-To":"<1504002694-1931-1-git-send-email-steffen.klassert@secunet.com>","References":"<1504002694-1931-1-git-send-email-steffen.klassert@secunet.com>","MIME-Version":"1.0","Content-Type":"text/plain","X-G-Data-MailSecurity-for-Exchange-State":"0","X-G-Data-MailSecurity-for-Exchange-Error":"0","X-G-Data-MailSecurity-for-Exchange-Sender":"23","X-G-Data-MailSecurity-for-Exchange-Server":"d65e63f7-5c15-413f-8f63-c0d707471c93","X-EXCLAIMER-MD-CONFIG":"2c86f778-e09b-4440-8b15-867914633a10","X-G-Data-MailSecurity-for-Exchange-Guid":"2C6E0AB4-B4B7-4148-9193-5A3F5BB17CDA","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"From: Mathias Krause <minipli@googlemail.com>\n\nThe memory reserved to dump the ID of the xfrm state includes a padding\nbyte in struct xfrm_usersa_id added by the compiler for alignment. 
To\nprevent the heap info leak, memset(0) the sa_id before filling it.\n\nCc: Jamal Hadi Salim <jhs@mojatatu.com>\nFixes: d51d081d6504 (\"[IPSEC]: Sync series - user\")\nSigned-off-by: Mathias Krause <minipli@googlemail.com>\nSigned-off-by: Steffen Klassert <steffen.klassert@secunet.com>\n---\n net/xfrm/xfrm_user.c | 1 +\n 1 file changed, 1 insertion(+)","diff":"diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c\nindex 2cbdc81..9391ced 100644\n--- a/net/xfrm/xfrm_user.c\n+++ b/net/xfrm/xfrm_user.c\n@@ -1869,6 +1869,7 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct\n \t\treturn -EMSGSIZE;\n \n \tid = nlmsg_data(nlh);\n+\tmemset(&id->sa_id, 0, sizeof(id->sa_id));\n \tmemcpy(&id->sa_id.daddr, &x->id.daddr, sizeof(x->id.daddr));\n \tid->sa_id.spi = x->id.spi;\n \tid->sa_id.family = x->props.family;\n","prefixes":["7/7"]}
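Review bot: the memset added in build_aevent() clears only id->sa_id, while id points at the whole payload returned by nlmsg_data(nlh) and sa_id is just one member of it. The visible lines write only sa_id.daddr, sa_id.spi and sa_id.family and do not show the remaining members of *id being filled, so consider memset(id, 0, sizeof(*id)) to also cover any padding or unset field outside sa_id. A one-line comment above the memset saying that it clears the compiler-inserted padding byte in struct xfrm_usersa_id would keep a later cleanup from dropping it as redundant with the assignments that follow.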