Re: [PATCH v2] RDMA/ucma: RDMA/ucma: fix a kernel-infoleak in ucma_init_qp_attr()

On Fri, Feb 04, 2022 at 01:00:36PM +0300, Dan Carpenter wrote:
> From: Haimin Zhang <tcs.kernel@xxxxxxxxx>
> 
> The ib_copy_ah_attr_to_user() function only initializes "resp.grh" if
> the "resp.is_global" flag is set.  Unfortunately, this data is copied to
> the user and copying uninitialized stack data to the user is an
> information leak.  Zero out the whole "resp" struct to be safe.

Hasn't this already been fixed, and more comprehensively too?

commit b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd
Author: Leon Romanovsky <leon@xxxxxxxxxx>
Date:   Tue Jan 4 14:21:52 2022 +0200

    RDMA/core: Don't infoleak GRH fields
    
    If dst->is_global field is not set, the GRH fields are not cleared
    and the following infoleak is reported.

Jason
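
The leak pattern discussed in this thread, as an added user-space example that is not part of the original message and is not kernel code. The `demo_*` structures, the two copy helpers and the `0xAA` stale-byte marker are hypothetical stand-ins; the harness pre-fills the reply struct with the marker to simulate leftover stack data, then counts how many marker bytes would reach the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the real structures (assumed layout, demo only). */
struct demo_grh  { uint8_t dgid[16]; uint32_t flow_label; uint8_t hop_limit; };
struct demo_src  { uint16_t dlid; int is_global; struct demo_grh grh; };
struct demo_resp { uint16_t dlid; uint8_t is_global; struct demo_grh grh; };
typedef void (*copy_fn)(struct demo_resp *, const struct demo_src *);
#define STALE 0xAA /* constructed marker for leftover stack bytes */

/* Pattern described in the thread: grh is written only when is_global is set. */
static void copy_attr_leaky(struct demo_resp *dst, const struct demo_src *src)
{
    dst->dlid = src->dlid;
    dst->is_global = src->is_global ? 1 : 0;
    if (src->is_global)
        dst->grh = src->grh;
}

/* Helper-side variant: all of dst, padding included, is zeroed first. */
static void copy_attr_cleared(struct demo_resp *dst, const struct demo_src *src)
{
    memset(dst, 0, sizeof(*dst));
    copy_attr_leaky(dst, src);
}

/* Count reply bytes that still hold the stale marker after the copy. */
static size_t stale_bytes(copy_fn copy, int zero_first, int is_global)
{
    struct demo_src src = { .dlid = 7, .is_global = is_global };
    struct demo_resp resp;
    const unsigned char *p = (const unsigned char *)&resp;
    size_t i, n = 0;
    memset(&resp, STALE, sizeof(resp));  /* simulate a dirty stack frame */
    if (zero_first)
        memset(&resp, 0, sizeof(resp));  /* caller-side fix, as in the quoted patch */
    copy(&resp, &src);
    for (i = 0; i < sizeof(resp); i++)   /* these bytes would go to copy_to_user() */
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("leaky=%zu caller_zeroed=%zu helper_cleared=%zu\n", stale_bytes(copy_attr_leaky, 0, 0),
           stale_bytes(copy_attr_leaky, 1, 0), stale_bytes(copy_attr_cleared, 0, 0));
    return 0;
}
```

Zeroing in the helper covers every caller, while zeroing in the caller only covers that one call site.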


