appletalk: fix atalk_getname() leak
authorEric Dumazet <eric.dumazet@gmail.com>
Thu, 6 Aug 2009 02:27:43 +0000 (02:27 +0000)
committerDavid S. Miller <davem@davemloft.net>
Thu, 6 Aug 2009 20:08:45 +0000 (13:08 -0700)
atalk_getname() can leak 8 bytes of kernel memory to user

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/appletalk/ddp.c

index 590b8396362237e62b82965b2f6e95fb1c167591..9ef6ff26eb0c434d7c39602f87c6fbfb017e5aa9 100644 (file)
@@ -1237,6 +1237,7 @@ static int atalk_getname(struct socket *sock, struct sockaddr *uaddr,
                        return -ENOBUFS;
 
        *uaddr_len = sizeof(struct sockaddr_at);
+       memset(&sat.sat_zero, 0, sizeof(sat.sat_zero));
 
        if (peer) {
                if (sk->sk_state != TCP_ESTABLISHED)