From 5539367290c83768be0235c2acc644e82606c117 Mon Sep 17 00:00:00 2001 From: Tejaswi Tanikella Date: Mon, 11 Jun 2018 16:30:24 +0530 Subject: [PATCH] net: sockev: fix uninitialized data leak into userspace Socket event string, notifying userspace of socket event, can leak data into userspace. Memset it before filling it using strlcpy. Change-Id: I37851f32a1b7ce3307644998c2cc7dd617bb7022 Signed-off-by: Tejaswi Tanikella --- net/core/sockev_nlmcast.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/core/sockev_nlmcast.c b/net/core/sockev_nlmcast.c index 749ffb81c87c..3d7dabef6410 100644 --- a/net/core/sockev_nlmcast.c +++ b/net/core/sockev_nlmcast.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2015, The Linux Foundation. All rights reserved. + * Copyright (c) 2014-2015, 2018 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -36,6 +36,8 @@ static struct netlink_kernel_cfg nlcfg = { static void _sockev_event(unsigned long event, __u8 *evstr, int buflen) { + memset(evstr, 0, buflen); + switch (event) { case SOCKEV_SOCKET: strlcpy(evstr, "SOCKEV_SOCKET", buflen);