This is a note to let you know that I've just added the patch titled
ipv6,gre: do not leak info to user-space
to the 3.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ipv6-gre-do-not-leak-info-to-user-space.patch
and it can be found in the queue-3.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From fdc35e0619534b2733bb58e82fb5004942bc5725 Mon Sep 17 00:00:00 2001
From: Amerigo Wang <[email protected]>
Date: Thu, 9 May 2013 21:56:37 +0000
Subject: ipv6,gre: do not leak info to user-space
From: Amerigo Wang <[email protected]>
[ Upstream commit 5dbd5068430b8bd1c19387d46d6c1a88b261257f ]
There is a hole in struct ip6_tnl_parm2, so we have to
zero the struct on stack before copying it to user-space.
Cc: David S. Miller <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv6/ip6_gre.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1135,6 +1135,7 @@ static int ip6gre_tunnel_ioctl(struct ne
}
if (t == NULL)
t = netdev_priv(dev);
+ memset(&p, 0, sizeof(p));
ip6gre_tnl_parm_to_user(&p, &t->parms);
if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
err = -EFAULT;
@@ -1182,6 +1183,7 @@ static int ip6gre_tunnel_ioctl(struct ne
if (t) {
err = 0;
+ memset(&p, 0, sizeof(p));
ip6gre_tnl_parm_to_user(&p, &t->parms);
if (copy_to_user(ifr->ifr_ifru.ifru_data, &p,
sizeof(p)))
err = -EFAULT;
Patches currently in stable-queue which might be from [email protected] are
queue-3.9/ipv6-gre-do-not-leak-info-to-user-space.patch
queue-3.9/xfrm6-release-dev-before-returning-error.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
