git.ipfire.org Git - thirdparty/kernel/stable.git/commit

xfrm_user: fix info leak in build_mapping()

[ Upstream commit 1beb76b2053b68c491b78370794b8ff63c8f8c02 ]

struct xfrm_usersa_id has a one-byte padding hole after the proto
field, which ends up never getting set to zero before copying out to
userspace. Fix that up by zeroing out the whole structure before
setting individual variables.

Fixes: 3a2dfbe8acb1 ("xfrm: Notify changes in UDP encapsulation via netlink")
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Simon Horman <horms@kernel.org>
Assisted-by: gregkh_clanker_t1000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 6 Apr 2026 15:33:03 +0000 (17:33 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 22 Apr 2026 11:30:40 +0000 (13:30 +0200)
commit	700c9622b23c33b5933e6dcea816492c064e4e10
tree	9c7ebdb7996e5dd8141ec26fc64dabcbafda079c	tree \| snapshot
parent	70c2a89a3bc207c3bfbf6f21bb439809e0a4a27a	commit \| diff