[NETFILTER]: Fix small information leak in SO_ORIGINAL_DST (CVE-2006-1343)

It appears that sockaddr_in.sin_zero is not zeroed during getsockopt(...SO_ORIGINAL_DST...) operation. This can lead to an information leak (CVE-2006-1343). Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Patrick McHardy <kaber@trash.net> Signed-off-by: N David S. Miller <davem@davemloft.net>

[NETFILTER]: Fix small information leak in SO_ORIGINAL_DST (CVE-2006-1343)
It appears that sockaddr_in.sin_zero is not zeroed during getsockopt(...SO_ORIGINAL_DST...) operation. This can lead to an information leak (CVE-2006-1343). Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Patrick McHardy <kaber@trash.net> Signed-off-by: N David S. Miller <davem@davemloft.net>
6c813c3f · Marcel Holtmann · David S. Miller · d9ec5ad2 · 6c813c3f · 6c813c3f
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

net/ipv4/netfilter/ip_conntrack_core.c net/ipv4/netfilter/ip_conntrack_core.c +1 -0

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +1 -0

未找到文件。
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1318,6 +1318,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
 			.tuple.dst.u.tcp.port;
 		sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
 			.tuple.dst.ip;
+		memset(sin.sin_zero, 0, sizeof(sin.sin_zero));

 		DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
 		       NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));

--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -348,6 +348,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
 			.tuple.dst.u.tcp.port;
 		sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
 			.tuple.dst.u3.ip;
+		memset(sin.sin_zero, 0, sizeof(sin.sin_zero));

 		DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
 		       NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));