[Linux-kernel-mentees] [PATCH net] xdp: Prevent kernel-infoleak in xsk_getsockopt()

Mon, 27 Jul 2020 19:30:22 -0700 

xsk_getsockopt() is copying uninitialized stack memory to userspace when
`extra_stats` is `false`. Fix it by initializing `stats` with memset().

Cc: sta...@vger.kernel.org
Fixes: 8aa5a33578e9 ("xsk: Add new statistics")
Suggested-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Peilin Ye <yepeilin...@gmail.com>
---
 net/xdp/xsk.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 26e3bba8c204..acf001908a0d 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -844,6 +844,8 @@ static int xsk_getsockopt(struct socket *sock, int level, 
int optname,
                bool extra_stats = true;
                size_t stats_size;
 
+               memset(&stats, 0, sizeof(stats));
+
                if (len < sizeof(struct xdp_statistics_v1)) {
                        return -EINVAL;
                } else if (len < sizeof(stats)) {
-- 
2.25.1

Reply via email to