netrom: info leak in ->getname()

The sockaddr_ax25 struct has a 3 byte hole between ->sax25_call and
->sax25_ndigis.  I've added a memset to avoid leaking uninitialized
stack data to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 103bd704b5fc39e24d07714dd6831ca2d3bf036a..ec0c80fde69f8e23f205d8cb17616c1486e9ce01 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -834,6 +834,8 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
        struct sock *sk = sock->sk;
        struct nr_sock *nr = nr_sk(sk);
 
+       memset(&sax->fsa_ax25, 0, sizeof(struct sockaddr_ax25));
+
        lock_sock(sk);
        if (peer != 0) {
                if (sk->sk_state != TCP_ESTABLISHED) {