From: Jiri Pirko <jpirko@redhat.com> Date: Thu, 2 Dec 2010 14:30:05 -0500 Subject: [net] tipc: fix information leak to userland Message-id: <20101202143004.GD4277@psychotron.brq.redhat.com> Patchwork-id: 29792 O-Subject: [RHEL5.6 patch] BZ649892 CVE-2010-3877 net: tipc: fix information leak to userland Bugzilla: 649892 CVE: CVE-2010-3877 BZ649892 https://bugzilla.redhat.com/show_bug.cgi?id=649892 Description: Structure sockaddr_tipc is copied to userland with padding bytes after "id" field in union field "name" unitialized. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. Upstream: http://git.kernel.org/linus/88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52 Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=2927076 Jirka Signed-off-by: Jiri Pirko <jpirko@redhat.com> Signed-off-by: Jarod Wilson <jarod@redhat.com> diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 32d7784..39882e6 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -364,6 +364,7 @@ static int get_name(struct socket *sock, struct sockaddr *uaddr, struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr; u32 res; + memset(addr, 0, sizeof(*addr)); if (down_interruptible(&tsock->sem)) return -ERESTARTSYS;
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
27922b4260f65d317aabda37e42bbbff
>
files
>
3185
