From patchwork Tue Jan 12 09:04:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Hartkopp X-Patchwork-Id: 12012833 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DCB7C433E0 for ; Tue, 12 Jan 2021 09:09:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D3E412253A for ; Tue, 12 Jan 2021 09:09:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389698AbhALJJP (ORCPT ); Tue, 12 Jan 2021 04:09:15 -0500 Received: from mo4-p00-ob.smtp.rzone.de ([81.169.146.162]:11224 "EHLO mo4-p00-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388941AbhALJJO (ORCPT ); Tue, 12 Jan 2021 04:09:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1610442318; s=strato-dkim-0002; d=hartkopp.net; h=Message-Id:Date:Subject:Cc:To:From:From:Subject:Sender; bh=Y2hdyqEH9W0jOqo8WF9Mxe0UWTLLyiqI7gZPa3+rneA=; b=k4nMtEGE5qTCJNho5lQM1eA9eiKRmGNVD6piAeQY1Rtnwp79EHa2AE4pid5BZ0mes2 aDI1RLUy4wQtKu7MhGIqq5yEdDjIp7esrag3WwvKHTGy11bZP2zxcyOrQhS0xDfdVzOU QCrV0KNMRzZtqwuYkg4GQXN9penVOw4mChvldHDSH45+4Q/opzbEZPiCDI/W9mFWDanC SDFbec37l29ABb/CfQ0NEil/y3vwHgRFqI0WTIImpQbWpYY8se/7nalUxrO2K3hFrYwY bPe4bdJNeA0BuDpdfvA3JBex9NLuE+tEgvicbVoH2q4GCT+By+9dSzEaxyKcuEzcCJL7 IXJQ== X-RZG-AUTH: ":P2MHfkW8eP4Mre39l357AZT/I7AY/7nT2yrDxb8mjGrp7owjzFK3JbFk1mS0k+8CejudJywjsStM+A==" X-RZG-CLASS-ID: mo00 Received: from silver.lan by smtp.strato.de (RZmta 47.12.1 SBL|AUTH) with ESMTPSA id k075acx0C95HKR6 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Tue, 12 Jan 2021 10:05:17 +0100 (CET) From: Oliver Hartkopp To: mkl@pengutronix.de, kuba@kernel.org, netdev@vger.kernel.org, linux-can@vger.kernel.org Cc: Oliver Hartkopp , Cong Wang , syzbot+057884e2f453e8afebc8@syzkaller.appspotmail.com Subject: [PATCH] can: isotp: fix isotp_getname() leak Date: Tue, 12 Jan 2021 10:04:57 +0100 Message-Id: <20210112090457.11262-1-socketcan@hartkopp.net> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Initialize the sockaddr_can structure to prevent a data leak to user space. Suggested-by: Cong Wang Reported-by: syzbot+057884e2f453e8afebc8@syzkaller.appspotmail.com Signed-off-by: Oliver Hartkopp --- net/can/isotp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/can/isotp.c b/net/can/isotp.c index 7839c3b9e5be..3ef7f78e553b 100644 --- a/net/can/isotp.c +++ b/net/can/isotp.c @@ -1153,10 +1153,11 @@ static int isotp_getname(struct socket *sock, struct sockaddr *uaddr, int peer) struct isotp_sock *so = isotp_sk(sk); if (peer) return -EOPNOTSUPP; + memset(addr, 0, sizeof(*addr)); addr->can_family = AF_CAN; addr->can_ifindex = so->ifindex; addr->can_addr.tp.rx_id = so->rxid; addr->can_addr.tp.tx_id = so->txid;