{"id":807039,"url":"http://patchwork.ozlabs.org/api/patches/807039/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1504002694-1931-5-git-send-email-steffen.klassert@secunet.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1504002694-1931-5-git-send-email-steffen.klassert@secunet.com>","list_archive_url":null,"date":"2017-08-29T10:31:31","name":"[4/7] xfrm_user: fix info leak in copy_user_offload()","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"8728d1e3acc53fd07fdb74798add4438341b11e0","submitter":{"id":1442,"url":"http://patchwork.ozlabs.org/api/people/1442/?format=json","name":"Steffen Klassert","email":"steffen.klassert@secunet.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1504002694-1931-5-git-send-email-steffen.klassert@secunet.com/mbox/","series":[{"id":343,"url":"http://patchwork.ozlabs.org/api/series/343/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=343","date":"2017-08-29T10:31:28","name":"[1/7] net: xfrm: don't double-hold dst when sk_policy in use.","version":1,"mbox":"http://patchwork.ozlabs.org/series/343/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/807039/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/807039/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xhQWN1N21z9s7f\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 29 Aug 2017 20:54:40 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752341AbdH2KcL (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 29 Aug 2017 06:32:11 -0400","from a.mx.secunet.com ([62.96.220.36]:50664 \"EHLO a.mx.secunet.com\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1751935AbdH2Kbn (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tTue, 29 Aug 2017 06:31:43 -0400","from localhost (localhost [127.0.0.1])\n\tby a.mx.secunet.com (Postfix) with ESMTP id 76E4B20191;\n\tTue, 29 Aug 2017 12:31:42 +0200 (CEST)","from a.mx.secunet.com ([127.0.0.1])\n\tby localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id quzv_OZo0dOI; Tue, 29 Aug 2017 12:31:42 +0200 (CEST)","from mail-essen-01.secunet.de (mail-essen-01.secunet.de\n\t[10.53.40.204])\n\t(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby a.mx.secunet.com (Postfix) with ESMTPS id A5BD2201A1;\n\tTue, 29 Aug 2017 12:31:41 +0200 (CEST)","from gauss2.secunet.de (10.182.7.193) by mail-essen-01.secunet.de\n\t(10.53.40.204) with Microsoft SMTP Server id 14.3.361.1;\n\tTue, 29 Aug 2017 12:31:41 +0200","by gauss2.secunet.de (Postfix, from userid 1000) id 1AA62140589;\n\tTue, 29 Aug 2017 12:31:41 +0200 (CEST)"],"X-Virus-Scanned":"by secunet","From":"Steffen Klassert <steffen.klassert@secunet.com>","To":"David Miller <davem@davemloft.net>","CC":"Herbert Xu <herbert@gondor.apana.org.au>,\n\tSteffen Klassert <steffen.klassert@secunet.com>, <netdev@vger.kernel.org>","Subject":"[PATCH 4/7] xfrm_user: fix info leak in copy_user_offload()","Date":"Tue, 29 Aug 2017 12:31:31 +0200","Message-ID":"<1504002694-1931-5-git-send-email-steffen.klassert@secunet.com>","X-Mailer":"git-send-email 2.7.4","In-Reply-To":"<1504002694-1931-1-git-send-email-steffen.klassert@secunet.com>","References":"<1504002694-1931-1-git-send-email-steffen.klassert@secunet.com>","MIME-Version":"1.0","Content-Type":"text/plain","X-G-Data-MailSecurity-for-Exchange-State":"0","X-G-Data-MailSecurity-for-Exchange-Error":"0","X-G-Data-MailSecurity-for-Exchange-Sender":"23","X-G-Data-MailSecurity-for-Exchange-Server":"d65e63f7-5c15-413f-8f63-c0d707471c93","X-EXCLAIMER-MD-CONFIG":"2c86f778-e09b-4440-8b15-867914633a10","X-G-Data-MailSecurity-for-Exchange-Guid":"6EF4D22C-3460-428C-ADA8-3E0BF324BD2C","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"From: Mathias Krause <minipli@googlemail.com>\n\nThe memory reserved to dump the xfrm offload state includes padding\nbytes of struct xfrm_user_offload added by the compiler for alignment.\nAdd an explicit memset(0) before filling the buffer to avoid the heap\ninfo leak.\n\nCc: Steffen Klassert <steffen.klassert@secunet.com>\nFixes: d77e38e612a0 (\"xfrm: Add an IPsec hardware offloading API\")\nSigned-off-by: Mathias Krause <minipli@googlemail.com>\nSigned-off-by: Steffen Klassert <steffen.klassert@secunet.com>\n---\n net/xfrm/xfrm_user.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)","diff":"diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c\nindex 2be4c6a..3259555 100644\n--- a/net/xfrm/xfrm_user.c\n+++ b/net/xfrm/xfrm_user.c\n@@ -796,7 +796,7 @@ static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb\n \t\treturn -EMSGSIZE;\n \n \txuo = nla_data(attr);\n-\n+\tmemset(xuo, 0, sizeof(*xuo));\n \txuo->ifindex = xso->dev->ifindex;\n \txuo->flags = xso->flags;\n \n","prefixes":["4/7"]}