Commit a5f6fc28d6e6cc379c6839f21820e62262419584
Committed by David S. Miller
1 parent ee7255ada3
Exists in ti-lsk-linux-4.1.y and in 10 other branches
pptp: fix stack info leak in pptp_getname()
pptp_getname() only partially initializes the stack variable sa, particularly only fills the pptp part of the sa_addr union. The code thereby discloses 16 bytes of kernel stack memory via getsockname().

Fix this by memset(0)'ing the union before.

Cc: Dmitry Kozlov <xeb@mail.ru>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 3 additions and 1 deletions
drivers/net/ppp/pptp.c
... | ... | @@ -506,7 +506,9 @@ |
506 | 506 | int len = sizeof(struct sockaddr_pppox); |
507 | 507 | struct sockaddr_pppox sp; |
508 | 508 | |
509 | - sp.sa_family = AF_PPPOX; | |
509 | + memset(&sp.sa_addr, 0, sizeof(sp.sa_addr)); | |
510 | + | |
511 | + sp.sa_family = AF_PPPOX; | |
510 | 512 | sp.sa_protocol = PX_PROTO_PPTP; |
511 | 513 | sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr; |
512 | 514 |
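Review bot: the memset at new line 509 clears only sp.sa_addr, while len is sizeof(struct sockaddr_pppox), which suggests the whole of sp is what gets handed back to the caller. Zeroing the full structure with memset(&sp, 0, sizeof(sp)) would cost nothing extra and would also cover any padding or any member later added to struct sockaddr_pppox, instead of relying on sa_family and sa_protocol being the only other fields that need initializing. Separately, the commit message names the variable sa while the code declares it as sp; aligning the two keeps the log searchable.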