[Linux-kernel-mentees] [PATCH net] xdp: Prevent kernel-infoleak in xsk_getsockopt()

From: Peilin Ye
Date: Mon Jul 27 2020 - 22:30:14 EST


xsk_getsockopt() is copying uninitialized stack memory to userspace when
`extra_stats` is `false`. Fix it by initializing `stats` with memset().

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 8aa5a33578e9 ("xsk: Add new statistics")
Suggested-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Peilin Ye <yepeilin.cs@xxxxxxxxx>
---
net/xdp/xsk.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 26e3bba8c204..acf001908a0d 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -844,6 +844,8 @@ static int xsk_getsockopt(struct socket *sock, int level, int optname,
bool extra_stats = true;
size_t stats_size;

+ memset(&stats, 0, sizeof(stats));
+
if (len < sizeof(struct xdp_statistics_v1)) {
return -EINVAL;
} else if (len < sizeof(stats)) {
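Review bot: The changelog should name which bytes reach userspace uninitialized, because the memset() added ahead of the `len < sizeof(struct xdp_statistics_v1)` check does not show it. The hunk shows `stats_size` and the `len < sizeof(stats)` branch but not the copy to userspace. A reader therefore cannot tell from the patch which length is copied on the `extra_stats == false` path or which fields are left unset there. One sentence stating that would help whoever picks this up for stable. Clearing the whole struct with memset() rather than a designated initializer is the right choice for data copied to userspace, since it also zeroes any padding. It does run on the -EINVAL path too, which is harmless.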
--
2.25.1