gre: information leak in ip6_tnl_ioctl()

There is a one byte hole between p->hop_limit and p->flowinfo where stack memory is leaked to the user. This was introduced in c12b395a "gre: Support GRE over IPv6". Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

gre: information leak in ip6_tnl_ioctl()
There is a one byte hole between p->hop_limit and p->flowinfo where stack memory is leaked to the user. This was introduced in c12b395a "gre: Support GRE over IPv6". Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
5ef5d6c5 · Dan Carpenter · David S. Miller · 56892261 · 5ef5d6c5
Commit 5ef5d6c5 authored Aug 16, 2012 by Dan Carpenter Committed by David S. Miller Aug 20, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

net/ipv6/ip6_tunnel.c net/ipv6/ip6_tunnel.c +2 -0

No files found.
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1312,6 +1312,8 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 			}
 			ip6_tnl_parm_from_user(&p1, &p);
 			t = ip6_tnl_locate(net, &p1, 0);
+		} else {
+			memset(&p, 0, sizeof(p));
 		}
 		if (t == NULL)
 			t = netdev_priv(dev);