appletalk: fix atalk_getname() leak
Eric Dumazet [Thu, 6 Aug 2009 02:27:43 +0000 (02:27 +0000)]
atalk_getname() can leak 8 bytes of kernel memory to user

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/appletalk/ddp.c

index 590b839..9ef6ff2 100644 (file)
@@ -1237,6 +1237,7 @@ static int atalk_getname(struct socket *sock, struct sockaddr *uaddr,
                        return -ENOBUFS;
 
        *uaddr_len = sizeof(struct sockaddr_at);
+       memset(&sat.sat_zero, 0, sizeof(sat.sat_zero));
 
        if (peer) {
                if (sk->sk_state != TCP_ESTABLISHED)