linux/net/ax25
Mathias Krause ef3313e84a ax25: fix info leak via msg_name in ax25_recvmsg()

When msg_namelen is non-zero the sockaddr info gets filled out, as
requested, but the code fails to initialize the padding bytes of struct
sockaddr_ax25 inserted by the compiler for alignment. Additionally the
msg_namelen value is updated to sizeof(struct full_sockaddr_ax25) but is
not always filled up to this size.

Both issues lead to the fact that the code will leak uninitialized
kernel stack bytes in net/socket.c.

Fix both issues by initializing the memory with memset(0).

Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-07 16:28:00 -04:00
af_ax25.c ax25: fix info leak via msg_name in ax25_recvmsg() 2013-04-07 16:28:00 -04:00
ax25_addr.c small cleanup in ax25_addr_parse() 2012-07-09 00:16:16 -07:00
ax25_dev.c net ax25: Simplify and cleanup the ax25 sysctl handling. 2012-04-20 21:22:28 -04:00
ax25_ds_in.c
ax25_ds_subr.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25_ds_timer.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25_iface.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25_in.c
ax25_ip.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ax25_out.c net: use consume_skb() in place of kfree_skb() 2012-06-04 11:27:40 -04:00
ax25_route.c net: use consume_skb() in place of kfree_skb() 2012-06-04 11:27:40 -04:00
ax25_std_in.c
ax25_std_subr.c
ax25_std_timer.c
ax25_subr.c
ax25_timer.c
ax25_uid.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
Kconfig
Makefile
sysctl_net_ax25.c net ax25: Simplify and cleanup the ax25 sysctl handling. 2012-04-20 21:22:28 -04:00
TODO