rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)

debian/changelog

@@ -123,6 +123,7 @@ linux (4.6.2-1) UNRELEASED; urgency=medium
     - ecryptfs: forbid opening files without mmap handler
     - sched: panic on corrupted stack end
   * tipc: fix an infoleak in tipc_nl_compat_link_dump (CVE-2016-5243)
+  * rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
 
  -- Ben Hutchings <ben@decadent.org.uk>  Thu, 09 Jun 2016 02:56:01 +0100
 

debian/patches/bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch

@@ -0,0 +1,31 @@
+From: Kangjie Lu <kangjielu@gmail.com>
+Date: Thu, 2 Jun 2016 04:11:20 -0400
+Subject: rds: fix an infoleak in rds_inc_info_copy
+Origin: https://git.kernel.org/linus/4116def2337991b39919f3b448326e21c40e0dbb
+
+The last field "flags" of object "minfo" is not initialized.
+Copying this object out may leak kernel stack data.
+Assign 0 to it to avoid leak.
+
+Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
+Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/rds/recv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/rds/recv.c b/net/rds/recv.c
+index c0be1ec..8413f6c 100644
+--- a/net/rds/recv.c
++++ b/net/rds/recv.c
+@@ -561,5 +561,7 @@ void rds_inc_info_copy(struct rds_incoming *inc,
+ 		minfo.fport = inc->i_hdr.h_dport;
+ 	}
+ 
++	minfo.flags = 0;
++
+ 	rds_info_copy(iter, &minfo, sizeof(minfo));
+ }
+-- 
+2.8.1
+

debian/patches/series

@@ -111,6 +111,7 @@ bugfix/all/proc-prevent-stacking-filesystems-on-top.patch
 bugfix/all/ecryptfs-forbid-opening-files-without-mmap-handler.patch
 bugfix/all/sched-panic-on-corrupted-stack-end.patch
 bugfix/all/tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch
+bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
 
 # Tools bug fixes
 bugfix/all/usbip-document-tcp-wrappers.patch