CVE-2016-5244 info leak in rds (rhbz 1343338 1343337)

This commit is contained in:
Josh Boyer 2016-06-07 08:24:30 -04:00
parent eadac3aca5
commit 5260b99d65
2 changed files with 35 additions and 0 deletions

View File

@ -628,6 +628,9 @@ Patch720: tipc-check-nl-sock-before-parsing-nested-attributes.patch
#CVE-2016-5243 rhbz 1343338 1343335
Patch721: tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch
#CVE-2016-5244 rhbz 1343338 1343337
Patch722: rds-fix-an-infoleak-in-rds_inc_info_copy.txt
# END OF PATCH DEFINITIONS
%endif
@ -2154,6 +2157,7 @@ fi
#
%changelog
* Tue Jun 07 2016 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2016-5244 info leak in rds (rhbz 1343338 1343337)
- CVE-2016-5243 info leak in tipc (rhbz 1343338 1343335)
* Wed Jun 01 2016 Josh Boyer <jwboyer@fedoraproject.org>

View File

@ -0,0 +1,31 @@
From 4116def2337991b39919f3b448326e21c40e0dbb Mon Sep 17 00:00:00 2001
From: Kangjie Lu <kangjielu@gmail.com>
Date: Thu, 2 Jun 2016 04:11:20 -0400
Subject: rds: fix an infoleak in rds_inc_info_copy
The last field "flags" of object "minfo" is not initialized.
Copying this object out may leak kernel stack data.
Assign 0 to it to avoid leak.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/rds/recv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/rds/recv.c b/net/rds/recv.c
index c0be1ec..8413f6c 100644
--- a/net/rds/recv.c
+++ b/net/rds/recv.c
@@ -561,5 +561,7 @@ void rds_inc_info_copy(struct rds_incoming *inc,
minfo.fport = inc->i_hdr.h_dport;
}
+ minfo.flags = 0;
+
rds_info_copy(iter, &minfo, sizeof(minfo));
}
--
cgit v0.12