Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
field of fsa struct, also the struct has padding bytes between
sax25_call and sax25_ndigis fields. This structure is then copied to
userland. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <email address hidden>
Signed-off-by: David S. Miller <email address hidden>
This fix is already upstream and was incorporated in v2.6.37, as this is already released into Natty closing Fix Released there:
commit fe10ae53384e48c 51996941b7720ee 16995cbcb7
Author: Vasiliy Kulikov <email address hidden>
Date: Wed Nov 10 10:14:33 2010 -0800
net: ax25: fix information leak to userland
Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
field of fsa struct, also the struct has padding bytes between
sax25_call and sax25_ndigis fields. This structure is then copied to
userland. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <email address hidden>
Signed-off-by: David S. Miller <email address hidden>