On Tue, Nov 09, 2010 at 09:26 -0800, David Miller wrote: > From: Vasiliy Kulikov <segooon@xxxxxxxxx> > Date: Sun, 31 Oct 2010 20:10:32 +0300 > > > Structure sockaddr_tipc is copied to userland with padding bytes after > > "id" field in union field "name" unitialized. It leads to leaking of > > contents of kernel stack memory. We have to initialize them to zero. > > > > Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx> > > Applied. > > Patches #1 and #2 were given feedback which I need you to integrate > and submit new patches based upon, thanks. About #2: I still think that this: if (dev) strncpy(uaddr->sa_data, dev->name, 14); else memset(uaddr->sa_data, 0, 14); is better than this: memset(uaddr->sa_data, 0, 14); dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex); if (dev) strlcpy(uaddr->sa_data, dev->name, 15); Doesn't it? Explicitly filling with zero on the same "if" level is slightly easier to read and understand. -- Vasiliy -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html