This is a note to let you know that I've just added the patch titled unix_diag: fix info leak to the 3.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: unix_diag-fix-info-leak.patch and it can be found in the queue-3.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 5702013cb615a6431f1549670c7d9a613c06886e Mon Sep 17 00:00:00 2001 From: Mathias Krause <minipli@xxxxxxxxxxxxxx> Date: Mon, 30 Sep 2013 22:05:40 +0200 Subject: unix_diag: fix info leak From: Mathias Krause <minipli@xxxxxxxxxxxxxx> [ Upstream commit 6865d1e834be84ddd5808d93d5035b492346c64a ] When filling the netlink message we miss to wipe the pad field, therefore leak one byte of heap memory to userland. Fix this by setting pad to 0. Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/unix/diag.c | 1 + 1 file changed, 1 insertion(+) --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -134,6 +134,7 @@ static int sk_diag_fill(struct sock *sk, rep->udiag_family = AF_UNIX; rep->udiag_type = sk->sk_type; rep->udiag_state = sk->sk_state; + rep->pad = 0; rep->udiag_ino = sk_ino; sock_diag_save_cookie(sk, rep->udiag_cookie); Patches currently in stable-queue which might be from minipli@xxxxxxxxxxxxxx are queue-3.4/unix_diag-fix-info-leak.patch queue-3.4/proc-connector-fix-info-leaks.patch queue-3.4/connector-use-nlmsg_len-to-check-message-length.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html