On Tue, Nov 09, 2010 at 09:26 -0800, David Miller wrote:
> From: Vasiliy Kulikov <segooon@xxxxxxxxx>
> Date: Sun, 31 Oct 2010 20:10:32 +0300
>
> > Structure sockaddr_tipc is copied to userland with padding bytes after
> > "id" field in union field "name" unitialized. It leads to leaking of
> > contents of kernel stack memory. We have to initialize them to zero.
> >
> > Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx>
>
> Applied.
>
> Patches #1 and #2 were given feedback which I need you to integrate
> and submit new patches based upon, thanks.
About #2:
I still think that this:
if (dev)
strncpy(uaddr->sa_data, dev->name, 14);
else
memset(uaddr->sa_data, 0, 14);
is better than this:
memset(uaddr->sa_data, 0, 14);
dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
if (dev)
strlcpy(uaddr->sa_data, dev->name, 15);
Doesn't it? Explicitly filling with zero on the same "if" level is
slightly easier to read and understand.
--
Vasiliy
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
