net: fix infoleak in llc (CVE-2016-4485)
parent
066544159a
commit
88ec3673ad
|
@ -103,6 +103,7 @@ linux (4.5.4-1) UNRELEASED; urgency=medium
|
|||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* KEYS: Fix ASN.1 indefinite length object parsing (CVE-2016-0758)
|
||||
* net: fix infoleak in llc (CVE-2016-4485)
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* gencontrol.py: Fix implementation of [packages]tools config option,
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
From b8670c09f37bdf2847cc44f36511a53afc6161fd Mon Sep 17 00:00:00 2001
|
||||
From: Kangjie Lu <kangjielu@gmail.com>
|
||||
Date: Tue, 3 May 2016 16:35:05 -0400
|
||||
Subject: [PATCH] net: fix infoleak in llc
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The stack object “info” has a total size of 12 bytes. Its last byte
|
||||
is padding which is not initialized and leaked via “put_cmsg”.
|
||||
|
||||
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/llc/af_llc.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
|
||||
index b3c52e3..8ae3ed9 100644
|
||||
--- a/net/llc/af_llc.c
|
||||
+++ b/net/llc/af_llc.c
|
||||
@@ -626,6 +626,7 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
|
||||
if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
|
||||
struct llc_pktinfo info;
|
||||
|
||||
+ memset(&info, 0, sizeof(info));
|
||||
info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
|
||||
llc_pdu_decode_dsap(skb, &info.lpi_sap);
|
||||
llc_pdu_decode_da(skb, info.lpi_mac);
|
||||
--
|
||||
2.8.1
|
||||
|
|
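Review bot: The `memset(&info, 0, sizeof(info));` added in `llc_cmsg_rcv` has no comment tying it to the padding byte. Because the named fields are assigned right after it, it reads as redundant and could be dropped or replaced by a field-wise initializer in a later cleanup, which is not guaranteed to clear padding. A one-line comment above it would keep the intent visible, for example `/* clear padding too: info is copied whole to userspace via put_cmsg() */`. The `put_cmsg` call and the rest of the function lie outside the hunk, so this rests on the patch description's statement that the last byte of the 12-byte object is padding. Since this file is an imported upstream patch, the comment is best proposed upstream rather than carried as a local change.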
@ -136,6 +136,7 @@ bugfix/all/bpf-fix-double-fdput-in-replace_map_fd_with_map_ptr.patch
|
|||
bugfix/all/bpf-fix-refcnt-overflow.patch
|
||||
bugfix/all/bpf-fix-check_map_func_compatibility-logic.patch
|
||||
bugfix/all/KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch
|
||||
bugfix/all/net-fix-infoleak-in-llc.patch
|
||||
|
||||
# ABI maintenance
|
||||
debian/ib-fix-abi-change-in-4.5.3.patch
|
||||
|
|