Message ID | YNrXoNAiQama8Us8@mwanda |
---|---|
State | New |
Series | [net] sctp: prevent info leak in sctp_make_heartbeat() |
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 587fb3cb88e2..3a290f620e96 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -1162,7 +1162,7 @@ struct sctp_chunk *sctp_make_new_encap_port(const struct sctp_association *asoc, struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, const struct sctp_transport *transport) { - struct sctp_sender_hb_info hbinfo; + struct sctp_sender_hb_info hbinfo = {}; struct sctp_chunk *retval; retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0,
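Review bot: The `= {}` initializer on the `hbinfo` declaration has no comment saying it exists to clear the struct's trailing hole, so a later cleanup could drop it as redundant once every member is assigned explicitly. A one-line comment at the declaration (for example "zero the padding hole") would record the intent. The submitter's notes also say that hole clearing by `= {}` is GCC behaviour rather than something the C standard guarantees; if other compilers matter for this file, an explicit memset(&hbinfo, 0, sizeof(hbinfo)) would state the requirement without depending on that.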
The "hbinfo" struct has a 4 byte hole at the end so we have to zero it out to prevent stack information from being disclosed.

Fixes: fe59379b9ab7 ("sctp: do the basic send and recv for PLPMTUD probe")

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

---

Btw = {} is the newest way to initialize holes. In the past we have debated whether = {} will *always* zero out struct holes and it wasn't clear from the C standard. But it turns out that "= {}" is not part of the standard but is instead a GCC extension and it does clear the holes.

In GCC (not the C standard) then = {0}; is also supposed to initialize holes but there was a bug in one version where it didn't.

So that's nice, because adding memset()s to zero everywhere was ugly.

net/sctp/sm_make_chunk.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)