[Lucid][CVE-2013-2237] af_key: initialize satype in key_notify_policy_flush()
Luis Henriques
luis.henriques at canonical.com
Mon Jul 8 12:58:27 UTC 2013
From: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
BugLink: http://bugs.launchpad.net/bugs/1198296
CVE-2013-2237
This field was left uninitialized. Some user daemons perform checks against this
field.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert at secunet.com>
(cherry picked from commit 85dfb745ee40232876663ae206cba35f24ab2a40)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
net/key/af_key.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 03d626f..9d22e46 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2694,6 +2694,7 @@ static int key_notify_policy_flush(struct km_event *c)
hdr->sadb_msg_pid = c->pid;
hdr->sadb_msg_version = PF_KEY_V2;
hdr->sadb_msg_errno = (uint8_t) 0;
+ hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
hdr->sadb_msg_reserved = 0;
pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
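Review bot: Setting the header one member at a time, as the added `hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;` line continues to do, is the pattern that let this field be missed, and the message is sent with `pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);`, so any member left unset reaches every listening PF_KEY socket. Consider zeroing the whole `struct sadb_msg` once before these assignments (the allocation and the start of the header setup are outside this hunk, so check there), which would also make the explicit zero stores to `sadb_msg_errno` and `sadb_msg_reserved` unnecessary. The commit message would be clearer if it said that the uninitialized value is delivered to user space, since it currently gives only the daemon-side check as the reason for the change.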
--
1.8.1.2