| commit | ab7dec14409366c185ecf4cb1a4d0a6b1370be89 | |
| author | Mathias Krause <minipli@googlemail.com> | |
| Wed, 19 Sep 2012 11:33:40 +0000 (19 11:33 +0000) | ||
| committer | Willy Tarreau <w@1wt.eu> | |
| Mon, 10 Jun 2013 09:42:51 +0000 (10 11:42 +0200) | ||
| tree | 645d9e0e34f43225ee9e842cea8743e8a65b83c2 | treesnapshot (tar.gz zip) |
| parent | d6927c1ec8b078e0b7e416b1da320a4f5b70bf4d | commitdiff |
xfrm_user: fix info leak in copy_to_user_policy()
[ Upstream commit 7b789836f434c87168eab067cfbed1ec4783dffd ]
The memory reserved to dump the xfrm policy includes multiple padding
bytes added by the compiler for alignment (padding bytes in struct
xfrm_selector and struct xfrm_userpolicy_info). Add an explicit
memset(0) before filling the buffer to avoid the heap info leak.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
[ Upstream commit 7b789836f434c87168eab067cfbed1ec4783dffd ]
The memory reserved to dump the xfrm policy includes multiple padding
bytes added by the compiler for alignment (padding bytes in struct
xfrm_selector and struct xfrm_userpolicy_info). Add an explicit
memset(0) before filling the buffer to avoid the heap info leak.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
| net/xfrm/xfrm_user.c | diffblobblamehistory |