[CVE-2010-3877] net: tipc: fix information leak to userland
Brad Figg
brad.figg at canonical.com
Wed Feb 2 01:35:47 UTC 2011
On 02/01/2011 07:52 AM, Andy Whitcroft wrote:
> CVE-2010-3877:
>
> Structure sockaddr_tipc is copied to userland with padding bytes
> after "id" field in union field "name" uninitialized. It leads to
> leaking of contents of kernel stack memory. We have to initialize
> them to zero.
>
> This fix is already upstream in the commit below:
>
> commit 88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52
> Author: Kulikov Vasiliy <segooon at gmail.com>
> Date: Sun Oct 31 07:10:32 2010 +0000
>
> net: tipc: fix information leak to userland
>
> Structure sockaddr_tipc is copied to userland with padding bytes after
> "id" field in union field "name" uninitialized. It leads to leaking of
> contents of kernel stack memory. We have to initialize them to zero.
>
> Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
>
> This commit cherry-picks cleanly back to Maverick, Lucid, and Karmic;
> I have backported the same fix to Hardy; Dapper is unaffected as it does
> not have the said protocol.
>
> Following this email are two patches, one applies cleanly to Maverick,
> Lucid, and Karmic. The other is for Hardy.
>
> -apw
>
Acked-by: Brad Figg <brad.figg at canonical.com>
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
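The leak class described in the quoted commit message, as an added user-space illustration that is not part of the original thread or the kernel patch: a structure whose union is only partly written keeps whatever was in memory before, and zeroing it first removes the stale bytes. The `model_*` types, the `fill_id` and `stale_bytes_copied_out` helpers, the 0xAA marker and all field values are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a sockaddr_tipc-like layout (assumption, not kernel code). */
struct model_portid { uint32_t ref, node; };                 /*  8 bytes */
struct model_sockaddr_tipc {
    uint16_t family;
    uint8_t  addrtype;
    int8_t   scope;
    union {
        struct model_portid id;                              /* shorter member */
        struct { uint32_t type, lower, upper; } nameseq;     /* 12 bytes */
        struct { uint32_t type, instance, domain; } name;    /* 12 bytes */
    } addr;
};

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Fill only the "id" form of the address; zero_first models the fix. */
static void fill_id(struct model_sockaddr_tipc *a, int zero_first)
{
    if (zero_first)
        memset(a, 0, sizeof(*a));   /* initialize every byte, union tail included */
    a->family = 30;                 /* constructed values */
    a->addrtype = 3;
    a->scope = 0;
    a->addr.id.ref = 0x01020304u;
    a->addr.id.node = 0x01001001u;
}

/* Count union bytes past "id" that still hold the stale marker after copy-out. */
static size_t stale_bytes_copied_out(int zero_first)
{
    struct model_sockaddr_tipc a;
    unsigned char out[sizeof(a)];
    size_t i, n = 0;

    memset(&a, STALE, sizeof(a));   /* simulate a dirty stack slot */
    fill_id(&a, zero_first);
    memcpy(out, &a, sizeof(a));     /* stands in for the copy to userland */
    i = offsetof(struct model_sockaddr_tipc, addr) + sizeof(struct model_portid);
    for (; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes\n", stale_bytes_copied_out(0));
    printf("with zeroing:    %zu stale bytes\n", stale_bytes_copied_out(1));
    return 0;
}
```

Reviewing for this class of bug means checking that every byte of a structure, padding and unused union space included, is written before the whole structure is copied across a trust boundary.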