Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

xfrm_user: fix info leak in copy_user_offload()

The memory reserved to dump the xfrm offload state includes padding
bytes of struct xfrm_user_offload added by the compiler for alignment.
Add an explicit memset(0) before filling the buffer to avoid the heap
info leak.

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Mathias Krause 8 years ago
parent
54ffd79079
commit
5fe0d4bd8f
1 changed files with 1 additions and 1 deletions
Unified View Show Diff Stats
  1. 1 1
      net/xfrm/xfrm_user.c

+ 1 - 1
net/xfrm/xfrm_user.c
View File 

@@ -796,7 +796,7 @@ static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb
 
 		return -EMSGSIZE;
 
 		return -EMSGSIZE;
 
 
 
 	xuo = nla_data(attr);
 
 	xuo = nla_data(attr);
 
-
 
+	memset(xuo, 0, sizeof(*xuo));
 
 	xuo->ifindex = xso->dev->ifindex;
 
 	xuo->ifindex = xso->dev->ifindex;
 
 	xuo->flags = xso->flags;
 
 	xuo->flags = xso->flags;