summaryrefslogtreecommitdiff
path: root/net/wimax
diff options
context:
space:
mode:
authorClément Lecigne <clement.lecigne@netasq.com>2009-02-12 16:59:09 -0800
committerDavid S. Miller <davem@davemloft.net>2009-02-12 16:59:09 -0800
commitdf0bca049d01c0ee94afb7cd5dfd959541e6c8da (patch)
tree32df8eca11e248b8ae89d869a89bbd12a853f377 /net/wimax
parent354b45fff90c3448c1eadabfad6ae7b8b8a2a237 (diff)
downloadlinux-3.10-df0bca049d01c0ee94afb7cd5dfd959541e6c8da.tar.gz
linux-3.10-df0bca049d01c0ee94afb7cd5dfd959541e6c8da.tar.bz2
linux-3.10-df0bca049d01c0ee94afb7cd5dfd959541e6c8da.zip
net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
In function sock_getsockopt() located in net/core/sock.c, optval v.val is not correctly initialized and directly returned in userland in case we have SO_BSDCOMPAT option set. This dummy code should trigger the bug: int main(void) { unsigned char buf[4] = { 0, 0, 0, 0 }; int len; int sock; sock = socket(33, 2, 2); getsockopt(sock, 1, SO_BSDCOMPAT, &buf, &len); printf("%x%x%x%x\n", buf[0], buf[1], buf[2], buf[3]); close(sock); } Here is a patch that fix this bug by initalizing v.val just after its declaration. Signed-off-by: Clément Lecigne <clement.lecigne@netasq.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/wimax')
0 files changed, 0 insertions, 0 deletions