Diff - 50fee1dec5d71b8a14c1b82f2f42e16adc227f8b^! - linux-4.4

commit	50fee1dec5d71b8a14c1b82f2f42e16adc227f8b	[log] [tgz]
author	Eugene Teo <eugeneteo@kernel.sg>	Mon Feb 23 15:38:41 2009 -0800
committer	David S. Miller <davem@davemloft.net>	Mon Feb 23 15:38:41 2009 -0800
tree	8eab115c8416a266e054c403163dc6aac0400943
parent	ebe47d47b7b7fed72dabcce4717da727b4e2367d [diff] [blame]

net: amend the fix for SO_BSDCOMPAT gsopt infoleak

The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
that the same problem of leaking kernel memory will reappear if someone
on some architecture uses struct timeval with some internal padding (for
example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
leak the padded bytes to userspace.

Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/core/sock.c b/net/core/sock.c
index 6e4f14d..5f97caa 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c

@@ -696,7 +696,7 @@
 	if (len < 0)
 		return -EINVAL;
 
-	v.val = 0;
+	memset(&v, 0, sizeof(v));
 
 	switch(optname) {
 	case SO_DEBUG: