Re: [PATCH 4/6] xfrm_user: fix info leak in copy_to_user_tmpl()

From: Steffen Klassert
Date: Thu Sep 20 2012 - 03:26:04 EST

Next message: Steffen Klassert: "Re: [PATCH 6/6] xfrm_user: don't copy esn replay window twice fornew states"
Previous message: Thierry Reding: "[PATCH v2 2/2] ARM: pci: Allow passing per-controller private data"
In reply to: Mathias Krause: "[PATCH 4/6] xfrm_user: fix info leak in copy_to_user_tmpl()"
Next in thread: Mathias Krause: "[PATCH 2/6] xfrm_user: fix info leak in copy_to_user_state()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 19, 2012 at 11:33:41PM +0200, Mathias Krause wrote:
> The memory used for the template copy is a local stack variable. As
> struct xfrm_user_tmpl contains multiple holes added by the compiler for
> alignment, not initializing the memory will lead to leaking stack bytes
> to userland. Add an explicit memset(0) to avoid the info leak.
>
> Initial version of the patch by Brad Spengler.
>
> Cc: Brad Spengler <spender@xxxxxxxxxxxxxx>
> Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx>

Patches 1-4:

Acked-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steffen Klassert: "Re: [PATCH 6/6] xfrm_user: don't copy esn replay window twice fornew states"
Previous message: Thierry Reding: "[PATCH v2 2/2] ARM: pci: Allow passing per-controller private data"
In reply to: Mathias Krause: "[PATCH 4/6] xfrm_user: fix info leak in copy_to_user_tmpl()"
Next in thread: Mathias Krause: "[PATCH 2/6] xfrm_user: fix info leak in copy_to_user_state()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]