kernel-ark/net/ax25
Mathias Krause ef3313e84a ax25: fix info leak via msg_name in ax25_recvmsg()
When msg_namelen is non-zero the sockaddr info gets filled out, as
requested, but the code fails to initialize the padding bytes of struct
sockaddr_ax25 inserted by the compiler for alignment. Additionally the
msg_namelen value is updated to sizeof(struct full_sockaddr_ax25) but is
not always filled up to this size.

Both issues lead to the fact that the code will leak uninitialized
kernel stack bytes in net/socket.c.

Fix both issues by initializing the memory with memset(0).

Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-07 16:28:00 -04:00
..
af_ax25.c ax25: fix info leak via msg_name in ax25_recvmsg() 2013-04-07 16:28:00 -04:00
ax25_addr.c
ax25_dev.c
ax25_ds_in.c
ax25_ds_subr.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25_ds_timer.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25_iface.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25_in.c
ax25_ip.c
ax25_out.c
ax25_route.c
ax25_std_in.c
ax25_std_subr.c
ax25_std_timer.c
ax25_subr.c
ax25_timer.c
ax25_uid.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
Kconfig
Makefile
sysctl_net_ax25.c
TODO