[3.5.y.z extended stable] Patch "unix_diag: fix info leak" has been added to staging queue
Luis Henriques
luis.henriques at canonical.com
Mon Oct 28 10:30:23 UTC 2013
This is a note to let you know that I have just added a patch titled
unix_diag: fix info leak
to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree
which can be found at:
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue
If you, or anyone else, feels it should not be added to this tree, please
reply to this email.
For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
Thanks.
-Luis
------
>From 1c3a0934015f0b829e290ac562a286301ed2322d Mon Sep 17 00:00:00 2001
From: Mathias Krause <minipli at googlemail.com>
Date: Mon, 30 Sep 2013 22:05:40 +0200
Subject: [PATCH] unix_diag: fix info leak
commit 6865d1e834be84ddd5808d93d5035b492346c64a upstream.
When filling the netlink message we miss to wipe the pad field,
therefore leak one byte of heap memory to userland. Fix this by
setting pad to 0.
Signed-off-by: Mathias Krause <minipli at googlemail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
net/unix/diag.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/unix/diag.c b/net/unix/diag.c
index 47d3002..1b4d8fc 100644
--- a/net/unix/diag.c
+++ b/net/unix/diag.c
@@ -134,6 +134,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r
rep->udiag_family = AF_UNIX;
rep->udiag_type = sk->sk_type;
rep->udiag_state = sk->sk_state;
+ rep->pad = 0;
rep->udiag_ino = sk_ino;
sock_diag_save_cookie(sk, rep->udiag_cookie);
--
1.8.3.2
More information about the kernel-team
mailing list