[PATCH] net/sctp: use memset avoid infoleaks
From: cgel . zte
Date: Tue Mar 01 2022 - 03:19:09 EST
From: Minghao Chi (CGEL ZTE) <chi.minghao@xxxxxxxxxx>
Use memset to initialize structs to preventing infoleaks
in sctp_auth_chunk_verify
Reported-by: Zeal Robot <zealci@xxxxxxxxxx>
Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@xxxxxxxxxx>
---
net/sctp/sm_statefuns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index cc544a97c4af..7ff16d12e0c5 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -652,6 +652,7 @@ static bool sctp_auth_chunk_verify(struct net *net, struct sctp_chunk *chunk,
return false;
/* set-up our fake chunk so that we can process it */
+ memset(&auth, 0x0, sizeof(auth));
auth.skb = chunk->auth_chunk;
auth.asoc = chunk->asoc;
auth.sctp_hdr = chunk->sctp_hdr;
--
2.25.1