| author | Ranganath V N <vnranganath.20@gmail.com> | 2025-11-09 14:43:35 +0530 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2025-11-11 15:00:08 +0100 |
| commit | 62b656e43eaeae445a39cd8021a4f47065af4389 (patch) | |
| tree | 2a3c0ba9adf22e7bfb97c9939fca6b91b23eec01 /net/unix/af_unix.c | |
| parent | 60e6489f8e3b086bd1130ad4450a2c112e863791 (diff) | |
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
In tcf_connmark_dump(), the variable 'opt' was partially initialized using a
designated initializer, while the padding bytes remained
uninitialized. nla_put() copies the entire structure into a
netlink message, these uninitialized bytes leaked to userspace.
Initialize the structure with memset before assigning its fields
to ensure all members and padding are cleared prior to being copied.
Reported-by: syzbot+0c85cae3350b7d486aee@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0c85cae3350b7d486aee
Tested-by: syzbot+0c85cae3350b7d486aee@syzkaller.appspotmail.com
Fixes: 22a5dc0e5e3e ("net: sched: Introduce connmark action")
Signed-off-by: Ranganath V N <vnranganath.20@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20251109091336.9277-2-vnranganath.20@gmail.com
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions
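
The padding leak described in the commit message, modelled in user space as an added example (not code from the kernel or from this commit). `struct demo_opt`, `dump_opt()`, the 0xAA poison value and the sample field values are constructed for illustration; `slot` stands for the stack slot holding `opt`, and `msg` for the netlink attribute payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an action's dump struct (not the kernel's
 * definition): the trailing 16-bit member forces 2 bytes of padding. */
struct demo_opt {
    uint32_t index, capab;
    int32_t  action, refcnt, bindcnt;
    uint16_t zone;
};
#define OPT_SIZE sizeof(struct demo_opt)
#define M(f) { offsetof(struct demo_opt, f), sizeof(((struct demo_opt *)0)->f) }
static const struct { size_t off, len; } members[] = {
    M(index), M(capab), M(action), M(refcnt), M(bindcnt), M(zone)
};

/* Model one dump call. 'slot' starts out full of stale data (0xAA).
 * Returns how many stale bytes end up in 'msg', the buffer that stands
 * in for the attribute copied to userspace. */
static size_t dump_opt(int memset_first, unsigned char msg[OPT_SIZE])
{
    unsigned char slot[OPT_SIZE];
    uint32_t index = 7;                      /* constructed sample values */
    uint16_t zone = 42;
    size_t i, leaked = 0;

    memset(slot, 0xAA, OPT_SIZE);            /* stale stack contents */
    if (memset_first)
        memset(slot, 0, OPT_SIZE);           /* the fix: clears padding too */
    /* A designated initializer only guarantees the members: named ones
     * get their value, the rest get zero. Padding is not covered. */
    for (i = 0; i < sizeof(members) / sizeof(members[0]); i++)
        memset(slot + members[i].off, 0, members[i].len);
    memcpy(slot + offsetof(struct demo_opt, index), &index, sizeof(index));
    memcpy(slot + offsetof(struct demo_opt, zone), &zone, sizeof(zone));
    memcpy(msg, slot, OPT_SIZE);             /* whole struct, as nla_put() copies it */
    for (i = 0; i < OPT_SIZE; i++)
        leaked += (msg[i] == 0xAA);
    return leaked;
}

int main(void)
{
    unsigned char msg[OPT_SIZE];
    printf("members only: %zu stale bytes\n", dump_opt(0, msg));
    printf("memset first: %zu stale bytes\n", dump_opt(1, msg));
}
```

When auditing other dump paths for the same pattern, `pahole` on the struct shows whether it has holes or trailing padding at all.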
