linux-stable/net
Mathias Krause f19e36c418 xfrm_user: fix info leak in copy_to_user_tmpl()
commit 1f86840f89 upstream.

The memory used for the template copy is a local stack variable. As
struct xfrm_user_tmpl contains multiple holes added by the compiler for
alignment, not initializing the memory will lead to leaking stack bytes
to userland. Add an explicit memset(0) to avoid the info leak.

Initial version of the patch by Brad Spengler.

Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2014-02-10 16:11:00 -05:00
9p net/9p: Fix the msize calculation. 2012-08-17 15:35:13 -04:00
802 include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
8021q include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
appletalk include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
atm atm: update msg_namelen in vcc_recvmsg() 2014-02-10 16:10:49 -05:00
ax25 ax25: fix info leak via msg_name in ax25_recvmsg() 2014-02-10 16:10:49 -05:00
bluetooth Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. 2012-08-17 15:35:42 -04:00
bridge bridge: set priority of STP packets 2014-02-10 16:10:54 -05:00
can can: add missing socket check in can/raw release 2012-03-14 10:57:20 -04:00
core drop_monitor: dont sleep in atomic context 2014-02-10 16:10:59 -05:00
dcb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dccp inet: add RCU protection to inet->opt 2014-02-10 16:10:42 -05:00
decnet net: avoid limits overflow 2011-04-17 16:15:55 -04:00
dsa include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
econet econet: 4 byte infoleak to the network 2011-06-26 12:47:21 -04:00
ethernet include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ieee802154 ieee802154: Fix oops during ieee802154_sock_ioctl 2010-04-26 11:20:32 -07:00
ipv4 tcp: do_tcp_sendpages() must try to push data out on oom conditions 2014-02-10 16:10:58 -05:00
ipv6 ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data 2014-02-10 16:10:45 -05:00
ipx include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
irda irda: prevent heap corruption on invalid nickname 2012-03-14 10:56:56 -04:00
iucv iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() 2014-02-10 16:10:48 -05:00
key include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
lapb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
llc llc: Fix missing msg_namelen update in llc_ui_recvmsg() 2014-02-10 16:10:48 -05:00
mac80211 mac80211: Restart STA timers only on associated state 2012-05-17 11:21:16 -04:00
netfilter ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT) 2014-02-10 16:10:50 -05:00
netlabel Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-06 08:34:06 -07:00
netlink netlink: fix races after skb queueing 2014-02-10 16:10:56 -05:00
netrom include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
packet af_packet: remove BUG statement in tpacket_destruct_skb 2014-02-10 16:10:54 -05:00
phonet Phonet: Correct header retrieval after pskb_may_pull 2011-01-06 18:08:13 -05:00
rds rds: set correct msg_namelen 2014-02-10 16:10:47 -05:00
rfkill include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rose rose: fix info leak via msg_name in rose_recvmsg() 2014-02-10 16:10:47 -05:00
rxrpc include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sched net_sched: gred: Fix oops in gred_dump() in WRED mode 2014-02-10 16:10:55 -05:00
sctp sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails 2014-02-10 16:10:51 -05:00
sunrpc SUNRPC: Ensure we return EAGAIN in xs_nospace if congestion is cleared 2013-01-16 16:44:58 -05:00
tipc net: tipc: fix information leak to userland 2011-06-26 12:47:18 -04:00
unix unix: fix a race condition in unix_release() 2014-02-10 16:10:51 -05:00
wanrouter headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
wimax include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
wireless nl80211: fix MAC address validation 2013-01-16 16:44:59 -05:00
x25 x25: Prevent skb overreads when checking call user data 2012-08-17 15:35:24 -04:00
xfrm xfrm_user: fix info leak in copy_to_user_tmpl() 2014-02-10 16:11:00 -05:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2011-04-17 16:15:59 -04:00
Kconfig net/compat/wext: send different messages to compat tasks 2009-07-15 08:53:39 -07:00
Makefile net: remove redundant sched/ in net/Makefile 2009-07-12 20:11:14 -07:00
nonet.c
socket.c net: fix info leak in compat dev_ifconf() 2014-02-10 16:10:52 -05:00
sysctl_net.c net: spread __net_init, __net_exit 2010-01-17 19:16:02 -08:00
TUNABLE