From: Timo Sirainen
Date: Mon, 20 Sep 2010 17:19:53 +0000 (+0100)
Subject: Make sure no data is leaked across processes via struct ip_addr fields.
X-Git-Tag: 2.0.4~43
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9834959357fc9046c4243760a6a4730897baa669;p=thirdparty%2Fdovecot%2Fcore.git

Make sure no data is leaked across processes via struct ip_addr fields.
---
diff --git a/src/lib/network.c b/src/lib/network.c
index 64ed3f6622..8f010b9f0b 100644
--- a/src/lib/network.c
+++ b/src/lib/network.c
@@ -99,6 +99,10 @@ sin_set_ip(union sockaddr_union *so, const struct ip_addr *ip)
 static inline void
 sin_get_ip(const union sockaddr_union *so, struct ip_addr *ip)
 {
+ /* IP structs may be sent across processes. Clear the whole struct
+ first to make sure it won't leak any data across processes. */
+ memset(ip, 0, sizeof(*ip));
+
 ip->family = so->sin.sin_family;
 
 #ifdef HAVE_IPV6
@@ -505,7 +509,8 @@ int net_accept(int fd, struct ip_addr *addr, unsigned int *port)
 return -2;
 }
 if (so.sin.sin_family == AF_UNIX) {
- if (addr != NULL) addr->family = 0;
+ if (addr != NULL)
+ memset(addr, 0, sizeof(*addr));
 if (port != NULL) *port = 0;
 } else {
 if (addr != NULL) sin_get_ip(&so, addr);
@@ -634,7 +639,8 @@ int net_getsockname(int fd, struct ip_addr *addr, unsigned int *port)
 if (getsockname(fd, &so.sa, &addrlen) == -1)
 return -1;
 if (so.sin.sin_family == AF_UNIX) {
- if (addr != NULL) addr->family = 0;
+ if (addr != NULL)
+ memset(addr, 0, sizeof(*addr));
 if (port != NULL) *port = 0;
 } else {
 if (addr != NULL) sin_get_ip(&so, addr);
@@ -654,7 +660,8 @@ int net_getpeername(int fd, struct ip_addr *addr, unsigned int *port)
 if (getpeername(fd, &so.sa, &addrlen) == -1)
 return -1;
 if (so.sin.sin_family == AF_UNIX) {
- if (addr != NULL) addr->family = 0;
+ if (addr != NULL)
+ memset(addr, 0, sizeof(*addr));
 if (port != NULL) *port = 0;
 } else {
 if (addr != NULL) sin_get_ip(&so, addr);
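Review bot: The memset added to sin_get_ip only covers addresses produced through this helper, so the guarantee in the commit title depends on every other place that fills a `struct ip_addr` clearing it as well; none are visible in this patch, so the rest of network.c should be checked for them. The new comment could also say what the clear protects, for example `/* this also zeroes the unused part of the address storage and any padding */`, hedged because the struct definition is not part of the patch. Code that later copies the struct member by member instead of with memcpy would not carry the zeroed padding along, which matters if such a copy is what gets sent to another process. The function body continues past the end of the hunk.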
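Review bot: The failure returns above the AF_UNIX check (`return -2;` in net_accept, `return -1;` in the net_getsockname and net_getpeername hunks) leave `*addr` unwritten, so a caller that forwards the struct without checking the result would still send whatever bytes it held. Clearing it before the system call, `if (addr != NULL) memset(addr, 0, sizeof(*addr));`, would cover every path in all three functions; whether any caller actually uses addr after a failure is not visible here, and the start of each function lies outside its hunk. As a style point, the same two-line clear is now repeated in three AF_UNIX branches and could live in one small static helper next to sin_get_ip.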