From: Don Zickus <dzickus@redhat.com> Date: Thu, 17 Sep 2009 16:59:50 -0400 Subject: Revert: [net] atalk/irda: memory leak to user in getname Message-id: 20090917205950.GD3913@redhat.com O-Subject: Re: [PATCH RHEL5.5] net: atalk/irda avoid leak kernel memory to user in getname() Bugzilla: 519310 CVE: CVE-2009-3001 CVE-2009-3002 On Fri, Aug 28, 2009 at 05:28:41AM -0400, Danny Feng wrote: > RHBZ#: > https://bugzilla.redhat.com/show_bug.cgi?id=519310 > > Description: > There are numerous getname() infoleaks in rhel5, including > appletalk and irda. Backport upstream patches to avoid leak > kernel memory to users. > > Upstream status: > [irda]:http://git.kernel.org/linus/09384dfc76e526c3993c09c42e016372dc9dd22c > [appletalk]:http://git.kernel.org/linus/3d392475c873c10c10d6d96b94d092a34ebd4791 > > Brew #: > https://brewweb.devel.redhat.com/taskinfo?taskID=1945684 > > KABI: > no harm Just an FYI, this patch is being reverted because we don't have to appletalk and irda protocols enabled in RHEL-5. Cheers, Don diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c index 983ed04..96dc6bb 100644 --- a/net/appletalk/ddp.c +++ b/net/appletalk/ddp.c @@ -1237,7 +1237,6 @@ static int atalk_getname(struct socket *sock, struct sockaddr *uaddr, return -ENOBUFS; *uaddr_len = sizeof(struct sockaddr_at); - memset(&sat.sat_zero, 0, sizeof(sat.sat_zero)); if (peer) { if (sk->sk_state != TCP_ESTABLISHED) diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c index f51de09..17699ee 100644 --- a/net/irda/af_irda.c +++ b/net/irda/af_irda.c @@ -721,7 +721,6 @@ static int irda_getname(struct socket *sock, struct sockaddr *uaddr, struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); - memset(&saddr, 0, sizeof(saddr)); if (peer) { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN;