diff options
author | Mathias Krause <minipli@googlemail.com> | 2013-09-30 22:05:40 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-11-04 04:31:02 -0800 |
commit | 39283085a92262f9446b95d36df9724902b7579a (patch) | |
tree | c416c8b00c519e8ded53981fc5d398ade745d5c2 | |
parent | 3a26736015acfc8745db623efa7f57bc982ed516 (diff) | |
download | linux-3.10-39283085a92262f9446b95d36df9724902b7579a.tar.gz linux-3.10-39283085a92262f9446b95d36df9724902b7579a.tar.bz2 linux-3.10-39283085a92262f9446b95d36df9724902b7579a.zip |
unix_diag: fix info leak
[ Upstream commit 6865d1e834be84ddd5808d93d5035b492346c64a ]
When filling the netlink message we miss to wipe the pad field,
therefore leak one byte of heap memory to userland. Fix this by
setting pad to 0.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | net/unix/diag.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/unix/diag.c b/net/unix/diag.c index d591091603b..86fa0f3b2ca 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -124,6 +124,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r rep->udiag_family = AF_UNIX; rep->udiag_type = sk->sk_type; rep->udiag_state = sk->sk_state; + rep->pad = 0; rep->udiag_ino = sk_ino; sock_diag_save_cookie(sk, rep->udiag_cookie); |