From 7a3b68434b1b5fb7b9a6184efb26822cd1a54cc8 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 22 Apr 2013 20:22:51 +0000 Subject: netrom: info leak in ->getname() The sockaddr_ax25 struct has a 3 byte hole between ->sax25_call and ->sax25_ndigis. I've added a memset to avoid leaking uninitialized stack data to userspace. Signed-off-by: Dan Carpenter Acked-by: Ralf Baechle Signed-off-by: David S. Miller --- net/netrom/af_netrom.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c index 103bd70..ec0c80f 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c @@ -834,6 +834,8 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); + memset(&sax->fsa_ax25, 0, sizeof(struct sockaddr_ax25)); + lock_sock(sk); if (peer != 0) { if (sk->sk_state != TCP_ESTABLISHED) { -- cgit v1.1