[Linux-kernel-mentees] [PATCH net] xdp: Prevent kernel-infoleak in xsk_getsockopt()

Peilin Ye yepeilin.cs at gmail.com
Tue Jul 28 02:28:59 UTC 2020


xsk_getsockopt() is copying uninitialized stack memory to userspace when
`extra_stats` is `false`. Fix it by initializing `stats` with memset().

Cc: stable at vger.kernel.org
Fixes: 8aa5a33578e9 ("xsk: Add new statistics")
Suggested-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs at gmail.com>
---
 net/xdp/xsk.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 26e3bba8c204..acf001908a0d 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -844,6 +844,8 @@ static int xsk_getsockopt(struct socket *sock, int level, int optname,
 		bool extra_stats = true;
 		size_t stats_size;
 
+		memset(&stats, 0, sizeof(stats));
+
 		if (len < sizeof(struct xdp_statistics_v1)) {
 			return -EINVAL;
 		} else if (len < sizeof(stats)) {
-- 
2.25.1



More information about the Linux-kernel-mentees mailing list