net: amend the fix for SO_BSDCOMPAT gsopt infoleak
authorEugene Teo <eugeneteo@kernel.sg>
Mon, 23 Feb 2009 23:38:41 +0000 (15:38 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 23 Feb 2009 23:38:41 +0000 (15:38 -0800)
The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
that the same problem of leaking kernel memory will reappear if someone
on some architecture uses struct timeval with some internal padding (for
example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
leak the padded bytes to userspace.

Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/sock.c

index 6e4f14d1ef818a3844d40e51425e5792effcf7d2..5f97caa158e81ba95143e7c769ab30de3a1cac43 100644 (file)
@@ -696,7 +696,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
        if (len < 0)
                return -EINVAL;
 
-       v.val = 0;
+       memset(&v, 0, sizeof(v));
 
        switch(optname) {
        case SO_DEBUG: