summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMathias Krause <minipli@googlemail.com>2013-09-30 22:05:40 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-11-04 04:31:02 -0800
commit39283085a92262f9446b95d36df9724902b7579a (patch)
treec416c8b00c519e8ded53981fc5d398ade745d5c2
parent3a26736015acfc8745db623efa7f57bc982ed516 (diff)
downloadlinux-3.10-39283085a92262f9446b95d36df9724902b7579a.tar.gz
linux-3.10-39283085a92262f9446b95d36df9724902b7579a.tar.bz2
linux-3.10-39283085a92262f9446b95d36df9724902b7579a.zip
unix_diag: fix info leak
[ Upstream commit 6865d1e834be84ddd5808d93d5035b492346c64a ] When filling the netlink message we miss to wipe the pad field, therefore leak one byte of heap memory to userland. Fix this by setting pad to 0. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--net/unix/diag.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/unix/diag.c b/net/unix/diag.c
index d591091603b..86fa0f3b2ca 100644
--- a/net/unix/diag.c
+++ b/net/unix/diag.c
@@ -124,6 +124,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r
rep->udiag_family = AF_UNIX;
rep->udiag_type = sk->sk_type;
rep->udiag_state = sk->sk_state;
+ rep->pad = 0;
rep->udiag_ino = sk_ino;
sock_diag_save_cookie(sk, rep->udiag_cookie);