iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/rds
History
Peilin Ye 24578a23b2 rds: Prevent kernel-infoleak in rds_notify_queue_get() 
commit bbc8a99e952226c585ac17477a85ef1194501762 upstream.

rds_notify_queue_get() is potentially copying uninitialized kernel stack
memory to userspace since the compiler may leave a 4-byte hole at the end
of `cmsg`.

In 2016 we tried to fix this issue by doing `= { 0 };` on `cmsg`, which
unfortunately does not always initialize that 4-byte hole. Fix it by using
memset() instead.

Cc: stable@vger.kernel.org
Fixes: f037590fff30 ("rds: fix a leak of kernel memory")
Fixes: bdbe6fbc6a2f ("RDS: recv.c")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-08-05 10:06:01 +02:00
..
af_rds.c
net/rds: Check address length before reading address family
2019-05-02 09:58:57 +02:00
bind.c
net/rds: Check laddr_check before calling it
2019-10-01 08:26:13 +02:00
cong.c
rds: Changing IP address internal representation to struct in6_addr
2018-07-23 21:17:44 -07:00
connection.c
rds: Remove IPv6 dependency
2018-08-01 09:32:35 -07:00
ib_cm.c
rds: Remove IPv6 dependency
2018-08-01 09:32:35 -07:00
ib_fmr.c
net: rds: exchange of 8K and 1M pool
2019-05-02 09:59:00 +02:00
ib_frmr.c
Merge branch 'linus/master' into rdma.git for-next
2018-08-16 14:21:29 -06:00
ib_mr.h
Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net
2018-08-02 10:55:32 -07:00
ib_rdma.c
net: rds: fix memory leak in rds_ib_flush_mr_pool
2019-06-11 12:20:49 +02:00
ib_recv.c
Merge branch 'linus/master' into rdma.git for-next
2018-08-16 14:21:29 -06:00
ib_ring.c
ib_send.c
Merge branch 'linus/master' into rdma.git for-next
2018-08-16 14:21:29 -06:00
ib_stats.c
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
2020-01-27 14:51:13 +01:00
ib_sysctl.c
ib.c
net/rds: Fix error handling in rds_ib_add_one()
2019-10-07 18:57:24 +02:00
ib.h
rds: Fix build regression.
2018-09-23 12:25:15 -07:00
info.c
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
info.h
Kconfig
net/rds: RDS is not Radio Data System
2018-08-31 23:09:53 -07:00
loop.c
rds: Changing IP address internal representation to struct in6_addr
2018-07-23 21:17:44 -07:00
loop.h
rds: clean up loopback rds_connections on netns deletion
2018-06-27 10:11:03 +09:00
Makefile
rds: remove trailing whitespace and blank lines
2018-07-24 14:10:42 -07:00
message.c
rds: remove trailing whitespace and blank lines
2018-07-24 14:10:42 -07:00
page.c
rdma_transport.c
rds: Remove IPv6 dependency
2018-08-01 09:32:35 -07:00
rdma_transport.h
rds: Enable RDS IPv6 support
2018-07-23 21:17:44 -07:00
rdma.c
net/rds: fix warn in rds_message_alloc_sgs
2019-04-20 09:16:03 +02:00
rds_single_path.h
rds.h
net/rds: fix warn in rds_message_alloc_sgs
2019-04-20 09:16:03 +02:00
recv.c
rds: Prevent kernel-infoleak in rds_notify_queue_get()
2020-08-05 10:06:01 +02:00
send.c
rds: Fix warning.
2019-07-10 09:53:46 +02:00
stats.c
net/rds: Add a few missing rds_stat_names entries
2020-01-27 14:51:04 +01:00
sysctl.c
tcp_connect.c
rds: Enable RDS IPv6 support
2018-07-23 21:17:44 -07:00
tcp_listen.c
rds: Remove IPv6 dependency
2018-08-01 09:32:35 -07:00
tcp_recv.c
rds: Changing IP address internal representation to struct in6_addr
2018-07-23 21:17:44 -07:00
tcp_send.c
rds: Changing IP address internal representation to struct in6_addr
2018-07-23 21:17:44 -07:00
tcp_stats.c
tcp.c
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
2019-04-17 08:38:41 +02:00
tcp.h
rds: Enable RDS IPv6 support
2018-07-23 21:17:44 -07:00
threads.c
rds: Changing IP address internal representation to struct in6_addr
2018-07-23 21:17:44 -07:00
transport.c
rds: remove trailing whitespace and blank lines
2018-07-24 14:10:42 -07:00