diff options
author | delphij <delphij@FreeBSD.org> | 2014-07-08 21:54:50 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2014-07-08 21:54:50 +0000 |
commit | 7642e9504ac0d63f22399949935c50539d80d459 (patch) | |
tree | 1ebd2b8a09ad088103bafe31a59e4825a7929382 /sys/netinet/sctp_auth.c | |
parent | abffff4ca73c5d2f27f90182ef9bf715bb532e05 (diff) | |
download | FreeBSD-src-7642e9504ac0d63f22399949935c50539d80d459.zip FreeBSD-src-7642e9504ac0d63f22399949935c50539d80d459.tar.gz |
Fix kernel memory disclosure in control message and SCTP notifications.
Security: FreeBSD-SA-14:17.kmem
Security: CVE-2014-3952, CVE-2014-3953
Diffstat (limited to 'sys/netinet/sctp_auth.c')
-rw-r--r-- | sys/netinet/sctp_auth.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netinet/sctp_auth.c b/sys/netinet/sctp_auth.c index 08b6a49..d4d4059 100644 --- a/sys/netinet/sctp_auth.c +++ b/sys/netinet/sctp_auth.c @@ -1790,6 +1790,7 @@ sctp_notify_authentication(struct sctp_tcb *stcb, uint32_t indication, SCTP_BUF_LEN(m_notify) = 0; auth = mtod(m_notify, struct sctp_authkey_event *); + memset(auth, 0, sizeof(struct sctp_authkey_event)); auth->auth_type = SCTP_AUTHENTICATION_EVENT; auth->auth_flags = 0; auth->auth_length = sizeof(*auth); |