rose: fix info leak via msg_name in rose_recvmsg()
authorMathias Krause <minipli@googlemail.com>
Sun, 7 Apr 2013 01:51:59 +0000 (01:51 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 1 May 2013 16:41:05 +0000 (09:41 -0700)
commit1a4dc01afc19f4a30c015ef62a43930241ee15b1
tree924086b5c572dac58ef0ac8879e1ea820c196676
parent1091d7dddb9f0fc287bf17c5f6c7859fe0bc50b3
rose: fix info leak via msg_name in rose_recvmsg()

[ Upstream commit 4a184233f21645cf0b719366210ed445d1024d72 ]

The code in rose_recvmsg() does not initialize all of the members of
struct sockaddr_rose/full_sockaddr_rose when filling the sockaddr info.
Nor does it initialize the padding bytes of the structure inserted by
the compiler for alignment. This will lead to leaking uninitialized
kernel stack bytes in net/socket.c.

Fix the issue by initializing the memory used for sockaddr info with
memset(0).

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/rose/af_rose.c