xfrm_user: fix info leak in copy_user_offload()
authorMathias Krause <minipli@googlemail.com>
Sat, 26 Aug 2017 15:08:57 +0000 (17:08 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Mon, 28 Aug 2017 08:58:02 +0000 (10:58 +0200)
commit5fe0d4bd8f86d19f7f24c1ae5a9b6e6a5a52e51a
treea09063c857fe5f1ad3fb5f2e6cdf7f64f6f6df95
parent54ffd790792898f05e215dce5aa593473e80e92f
xfrm_user: fix info leak in copy_user_offload()

The memory reserved to dump the xfrm offload state includes padding
bytes of struct xfrm_user_offload added by the compiler for alignment.
Add an explicit memset(0) before filling the buffer to avoid the heap
info leak.

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/xfrm/xfrm_user.c