netrom: info leak in ->getname()

The sockaddr_ax25 struct has a 3 byte hole between ->sax25_call and ->sax25_ndigis. I've added a memset to avoid leaking uninitialized stack data to userspace. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Dan Carpenter <dan.carpenter@oracle.com> 2013-04-22 20:22:51 +0000
committer: David S. Miller <davem@davemloft.net> 2013-04-25 01:47:58 -0400
commit: 7a3b68434b1b5fb7b9a6184efb26822cd1a54cc8 (patch)
tree: 6b2e5cbcfca48b1229396fd19773386f7eefd62e /net/netrom
parent: fccc9f1fa878d9599aa583f0fec3bca95639667d (diff)
download: linux-7a3b68434b1b5fb7b9a6184efb26822cd1a54cc8.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 103bd704b5fc..ec0c80fde69f 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -834,6 +834,8 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
 	struct sock *sk = sock->sk;
 	struct nr_sock *nr = nr_sk(sk);
 
+	memset(&sax->fsa_ax25, 0, sizeof(struct sockaddr_ax25));
+
 	lock_sock(sk);
 	if (peer != 0) {
 		if (sk->sk_state != TCP_ESTABLISHED) {
author	Dan Carpenter <dan.carpenter@oracle.com>	2013-04-22 20:22:51 +0000
committer	David S. Miller <davem@davemloft.net>	2013-04-25 01:47:58 -0400
commit	7a3b68434b1b5fb7b9a6184efb26822cd1a54cc8 (patch)
tree	6b2e5cbcfca48b1229396fd19773386f7eefd62e /net/netrom
parent	fccc9f1fa878d9599aa583f0fec3bca95639667d (diff)
download	linux-7a3b68434b1b5fb7b9a6184efb26822cd1a54cc8.tar.gz