Sophie

kernel-2.6.18-194.11.1.el5.src.rpm

From: Don Zickus <dzickus@redhat.com>
Date: Thu, 17 Sep 2009 16:59:50 -0400
Subject: Revert: [net] atalk/irda: memory leak to user in getname
Message-id: 20090917205950.GD3913@redhat.com
O-Subject: Re: [PATCH RHEL5.5] net: atalk/irda avoid leak kernel memory to user in getname()
Bugzilla: 519310
CVE: CVE-2009-3001 CVE-2009-3002

On Fri, Aug 28, 2009 at 05:28:41AM -0400, Danny Feng wrote:
> RHBZ#:
> https://bugzilla.redhat.com/show_bug.cgi?id=519310
>
> Description:
> There are numerous getname() infoleaks in rhel5, including
> appletalk and irda. Backport upstream patches to avoid leaking
> kernel memory to users.
>
> Upstream status:
> [irda]:http://git.kernel.org/linus/09384dfc76e526c3993c09c42e016372dc9dd22c
> [appletalk]:http://git.kernel.org/linus/3d392475c873c10c10d6d96b94d092a34ebd4791
>
> Brew #:
> https://brewweb.devel.redhat.com/taskinfo?taskID=1945684
>
> KABI:
> no harm

Just an FYI, this patch is being reverted because we don't have the
appletalk and irda protocols enabled in RHEL-5.

Cheers,
Don

diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 983ed04..96dc6bb 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1237,7 +1237,6 @@ static int atalk_getname(struct socket *sock, struct sockaddr *uaddr,
 			return -ENOBUFS;
 
 	*uaddr_len = sizeof(struct sockaddr_at);
-	memset(&sat.sat_zero, 0, sizeof(sat.sat_zero));
 
 	if (peer) {
 		if (sk->sk_state != TCP_ESTABLISHED)
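Review bot: Dropping `memset(&sat.sat_zero, 0, sizeof(sat.sat_zero));` in atalk_getname() restores the state that the quoted description calls a getname() infoleak, so sat_zero is once again returned to the caller without being cleared. The stated reason for the revert is only that appletalk is not enabled in RHEL-5, which makes the fix unused rather than wrong. I would keep the one-line memset (the original submission reports no KABI impact), or at least record in the changelog that it must be reapplied if the protocol is ever enabled in this kernel's config.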
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index f51de09..17699ee 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -721,7 +721,6 @@ static int irda_getname(struct socket *sock, struct sockaddr *uaddr,
 	struct sock *sk = sock->sk;
 	struct irda_sock *self = irda_sk(sk);
 
-	memset(&saddr, 0, sizeof(saddr));
 	if (peer) {
 		if (sk->sk_state != TCP_ESTABLISHED)
 			return -ENOTCONN;
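Review bot: Removing `memset(&saddr, 0, sizeof(saddr));` at the top of irda_getname() means any field or padding of saddr that the rest of the function does not explicitly assign is no longer zeroed before the address is handed back, which is the leak the reverted patch addressed. As with the appletalk hunk, the justification is that irda is not built for RHEL-5, so the safety of this revert depends entirely on the build configuration staying that way. Suggest keeping the memset, or documenting that dependency next to the revert so a later config change does not silently reintroduce the issue tracked in Bugzilla 519310.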