Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak

From: sohu0106
Date: Thu Aug 03 2017 - 10:03:09 EST

Next message: Thomas Bogendoerfer: "[PATCH net] xgene: Always get clk source, but ignore if it's missing for SGMII ports"
Previous message: David.Wu: "Re: [PATCH v3 05/11] net: stmmac: dwmac-rk: Add internal phy support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct. ÂThis structure is then copied to
userland. ÂIt leads to leaking of contents of kernel stack memory. Â

2 Ânet/irda/af_irda.c
@@ -2248,6 +2248,8 @@ static int irda_getsockopt(struct socket *sock, int level, int optname,
Â err = -EINVAL;
Â goto out;
Â }
+
+ memset( &list, 0, sizeof(struct irda_device_list) );
Â
Â /* Ask lmp for the current discovery log */
Â discoveries = irlmp_get_discoveries(&list.len, self->mask.word,

Â

Next message: Thomas Bogendoerfer: "[PATCH net] xgene: Always get clk source, but ignore if it's missing for SGMII ports"
Previous message: David.Wu: "Re: [PATCH v3 05/11] net: stmmac: dwmac-rk: Add internal phy support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]