Commit 75ca2088 authored by Mathias Krause's avatar Mathias Krause Committed by Willy Tarreau

ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)

commit 2d8a041b upstream.

If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is
not set, __ip_vs_get_timeouts() does not fully initialize the structure
that gets copied to userland and that for leaks up to 12 bytes of kernel
stack. Add an explicit memset(0) before passing the structure to
__ip_vs_get_timeouts() to avoid the info leak.
Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
Cc: Wensong Zhang <wensong@linux-vs.org>
Cc: Simon Horman <horms@verge.net.au>
Cc: Julian Anastasov <ja@ssi.bg>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
[bwh: Backported to 2.6.32: adjust context]
Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
parent 9df2c9ad
...@@ -2455,6 +2455,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) ...@@ -2455,6 +2455,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
{ {
struct ip_vs_timeout_user t; struct ip_vs_timeout_user t;
memset(&t, 0, sizeof(t));
__ip_vs_get_timeouts(&t); __ip_vs_get_timeouts(&t);
if (copy_to_user(user, &t, sizeof(t)) != 0) if (copy_to_user(user, &t, sizeof(t)) != 0)
ret = -EFAULT; ret = -EFAULT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment