diff options
author | Mathias Krause <minipli@googlemail.com> | 2013-09-30 22:05:40 +0200 |
---|---|---|
committer | Luis Henriques <luis.henriques@canonical.com> | 2013-10-25 10:47:59 +0100 |
commit | 1c3a0934015f0b829e290ac562a286301ed2322d (patch) | |
tree | b616fc79db6fc57b3f251a88805ee3f70677057b | |
parent | dab75c8b00a07776f4024d66c1bdb069da1db149 (diff) |
unix_diag: fix info leak
commit 6865d1e834be84ddd5808d93d5035b492346c64a upstream.
When filling the netlink message we miss to wipe the pad field,
therefore leak one byte of heap memory to userland. Fix this by
setting pad to 0.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
-rw-r--r-- | net/unix/diag.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/unix/diag.c b/net/unix/diag.c index 47d3002737f5..1b4d8fca30b9 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -134,6 +134,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r rep->udiag_family = AF_UNIX; rep->udiag_type = sk->sk_type; rep->udiag_state = sk->sk_state; + rep->pad = 0; rep->udiag_ino = sk_ino; sock_diag_save_cookie(sk, rep->udiag_cookie); |