]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
authorMathias Krause <minipli@googlemail.com>
Wed, 15 Aug 2012 11:31:56 +0000 (11:31 +0000)
committerPaul Gortmaker <paul.gortmaker@windriver.com>
Mon, 10 Feb 2014 21:10:50 +0000 (16:10 -0500)
commit 2d8a041b7bfe1097af21441cb77d6af95f4f4680 upstream.

If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is
not set, __ip_vs_get_timeouts() does not fully initialize the structure
that gets copied to userland and that for leaks up to 12 bytes of kernel
stack. Add an explicit memset(0) before passing the structure to
__ip_vs_get_timeouts() to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Wensong Zhang <wensong@linux-vs.org>
Cc: Simon Horman <horms@verge.net.au>
Cc: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
net/netfilter/ipvs/ip_vs_ctl.c

index 36dc1d88c2fa56cff3f29566965de8c80e9e9d99..bd9d805a85a6fd085458c6db11253b8ee9b8362c 100644 (file)
@@ -2469,6 +2469,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
        {
                struct ip_vs_timeout_user t;
 
+               memset(&t, 0, sizeof(t));
                __ip_vs_get_timeouts(&t);
                if (copy_to_user(user, &t, sizeof(t)) != 0)
                        ret = -EFAULT;