2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-17 01:34:00 +08:00
linux-next/net
Clément Lecigne df0bca049d net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
In function sock_getsockopt() located in net/core/sock.c, optval v.val
is not correctly initialized and directly returned in userland in case
we have SO_BSDCOMPAT option set.

This dummy code should trigger the bug:

int main(void)
{
	unsigned char buf[4] = { 0, 0, 0, 0 };
	int len;
	int sock;
	sock = socket(33, 2, 2);
	getsockopt(sock, 1, SO_BSDCOMPAT, &buf, &len);
	printf("%x%x%x%x\n", buf[0], buf[1], buf[2], buf[3]);
	close(sock);
}

Here is a patch that fix this bug by initalizing v.val just after its
declaration.

Signed-off-by: Clément Lecigne <clement.lecigne@netasq.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-12 16:59:09 -08:00
..
9p 9p: fix endian issues [attempt 3] 2009-02-06 22:07:41 -08:00
802 hippi: convert driver to net_device_ops 2008-11-20 20:32:15 -08:00
8021q vlan: Export symbols as non GPL symbols. 2009-01-26 12:37:53 -08:00
appletalk appletalk: convert aarp to net_device_ops 2009-01-07 17:21:44 -08:00
atm netdevice: Kill netdev->priv 2008-12-08 01:14:16 -08:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2008-12-28 12:49:40 -08:00
bluetooth bluetooth: driver API update 2009-01-07 17:23:17 -08:00
bridge bridge: Fix LRO crash with tun 2009-02-09 15:07:18 -08:00
can can: fix slowpath issue in hrtimer callback function 2009-01-14 21:06:55 -08:00
core net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2 2009-02-12 16:59:09 -08:00
dcb DCB: fix kfree(skb) 2009-01-04 17:29:21 -08:00
dccp dccp ccid-3: Fix RFC reference 2009-01-11 00:17:22 -08:00
decnet net: Make static 2008-12-10 15:18:31 -08:00
dsa dsa: convert to net_device_ops (v2) 2009-01-06 16:45:26 -08:00
econet netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
ethernet eth: Declare an optimized compare_ether_addr_64bits() function 2008-11-23 23:24:32 -08:00
ipv4 udp: Fix potential wrong ip_hdr(skb) pointers 2009-02-06 01:59:12 -08:00
ipv6 IPv6: fix to set device name when new IPv6 over IPv6 tunnel device is created. 2009-02-09 15:01:19 -08:00
ipx net: '&' redux 2008-11-03 18:21:05 -08:00
irda tty: Fix an ircomm warning and note another bug 2009-01-02 10:19:43 -08:00
iucv s390: remove s390_root_dev_*() 2009-01-06 10:44:34 -08:00
key af_key: initialize xfrm encap_oa 2009-01-25 20:49:14 -08:00
lapb
llc net: remove redundant argument comments 2008-11-21 17:15:03 -08:00
mac80211 mac80211: restrict to AP in outgoing interface heuristic 2009-02-11 11:27:17 -05:00
netfilter netfilter: xt_sctp: sctp chunk mapping doesn't work 2009-02-09 14:34:56 -08:00
netlabel netlabel: Update kernel configuration API 2008-12-31 12:54:11 -05:00
netlink genetlink: export genl_unregister_mc_group() 2009-01-07 10:00:17 -08:00
netrom Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2008-12-28 12:49:40 -08:00
packet net: packet socket packet_lookup_frame fix 2009-02-01 01:53:29 -08:00
phonet Phonet: do not compute unused value 2009-02-10 17:14:50 -08:00
rfkill net/rfkill/rfkill.c: fix unused rfkill_led_trigger() warning 2009-01-04 17:11:24 -08:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2008-12-28 12:49:40 -08:00
rxrpc RxRPC: Fix a potential NULL dereference 2009-02-06 21:50:52 -08:00
sched pkt_sched: sch_htb: Break all htb_do_events() after 2 jiffies 2009-01-12 21:54:40 -08:00
sctp sctp: Fix another socket race during accept/peeloff 2009-01-22 14:53:23 -08:00
sunrpc sunrpc: fix rdma dependencies 2009-02-03 15:20:13 -08:00
tipc net/tipc/bcast.h: use ARRAY_SIZE 2009-01-11 00:06:33 -08:00
unix introduce new LSM hooks where vfsmount is available. 2008-12-31 18:07:37 -05:00
wanrouter netdevice wanrouter: Convert directly reference of netdev->priv 2008-11-20 04:26:21 -08:00
wimax wimax: fix build issue when debugfs is disabled 2009-01-29 17:18:31 -08:00
wireless cfg80211: print correct intersected regulatory domain 2009-01-29 15:46:43 -05:00
x25 net: '&' redux 2008-11-03 18:21:05 -08:00
xfrm Revert "xfrm: For 32/64 compatability wrt. xfrm_usersa_info" 2009-01-20 09:49:51 -08:00
compat.c reintroduce accept4 2008-11-19 18:49:57 -08:00
Kconfig net: Move config NET_NS to from net/Kconfig to init/Kconfig 2009-01-26 12:25:55 -08:00
Makefile wimax: Makefile, Kconfig and docbook linkage for the stack 2009-01-07 10:00:17 -08:00
nonet.c
socket.c [CVE-2009-0029] System call wrappers part 22 2009-01-14 14:15:27 +01:00
sysctl_net.c missing bits of net-namespace / sysctl 2008-07-27 09:45:34 -07:00
TUNABLE