tipc: fix info leak from kernel tipc_event
authorJon Maloy <jon.maloy@ericsson.com>
Thu, 18 Oct 2018 15:38:29 +0000 (17:38 +0200)
committerDavid S. Miller <davem@davemloft.net>
Thu, 18 Oct 2018 23:49:53 +0000 (16:49 -0700)
We initialize a struct tipc_event allocated on the kernel stack to
zero to avert info leak to user space.

Reported-by: syzbot+057458894bc8cada4dee@syzkaller.appspotmail.com
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/tipc/group.c

index e82f13cb2dc5aececbd4ce2e6b9f59e1e2f003e8..06fee142f09fbea05a8b27bb240a4f3d3480b5b2 100644 (file)
@@ -666,6 +666,7 @@ static void tipc_group_create_event(struct tipc_group *grp,
        struct sk_buff *skb;
        struct tipc_msg *hdr;
 
+       memset(&evt, 0, sizeof(evt));
        evt.event = event;
        evt.found_lower = m->instance;
        evt.found_upper = m->instance;