CVE-2016-4485-net-fix-infoleak-in-llc.patch

   1 From f1006a1bc4504ad7996ff9a33982b419e15945bc Mon Sep 17 00:00:00 2001
   2 From: Kangjie Lu <kangjielu@gmail.com>
   3 Date: Tue, 10 May 2016 15:12:22 +0100
   4 Subject: [PATCH] net: fix infoleak in llc
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 The stack object “info” has a total size of 12 bytes. Its last byte
  10 is padding which is not initialized and leaked via “put_cmsg”.
  11
  12 Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
  13 Signed-off-by: David S. Miller <davem@davemloft.net>
  14 (cherry picked from commit b8670c09f37bdf2847cc44f36511a53afc6161fd)
  15 CVE-2016-4485
  16 BugLink: https://bugs.launchpad.net/bugs/1578496
  17 Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
  18 Acked-by: Tim Gardner <tim.gardner@canonical.com>
  19 Acked-by: Brad Figg <brad.figg@canonical.com>
  20 Signed-off-by: Kamal Mostafa <kamal@canonical.com>
  21 ---
  22  net/llc/af_llc.c | 1 +
  23  1 file changed, 1 insertion(+)
  24
  25 diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
  26 index 8dab4e5..bb8edb9 100644
  27 --- a/net/llc/af_llc.c
  28 +++ b/net/llc/af_llc.c
  29 @@ -626,6 +626,7 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
  30         if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
  31                 struct llc_pktinfo info;
  32
  33 +               memset(&info, 0, sizeof(info));
  34                 info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
  35                 llc_pdu_decode_dsap(skb, &info.lpi_sap);
  36                 llc_pdu_decode_da(skb, info.lpi_mac);
  37 --
  38 2.1.4
  39