oss-sec mailing list archives
Re: Re: Linux kernel: more net info leak fixes for v3.9
From: P J P <ppandit () redhat com>
Date: Tue, 23 Apr 2013 15:52:32 +0530 (IST)
+-- On Mon, 22 Apr 2013, cve-assign () mitre org wrote --+ | ef3313e84acbf349caecae942ab3ab731471f1a1 CVE-2013-3223 *sax = (struct sockaddr_ax25 *)msg->msg_name; Here, - *sax - seems to point to users `msg_name' object, no? Because of the earlier copy_from_user in net/socket.h: === get_compat_msghdr(msg_sys, msg_compat) OR copy_from_user(msg_sys, msg, sizeof(struct msghdr) === Is - memset(sax, 0, sizeof(full_sockaddr_ax25)) - setting users memory area? Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
Current thread:
- Re: Linux kernel: more net info leak fixes for v3.9, (continued)
- Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 21)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 21)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Petr Matousek (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)