Commit 2f479651 authored Feb 09, 2023 by Hyunwoo Kim Committed by David S. Miller Feb 13, 2023

af_key: Fix heap information leak



Since x->encap of pfkey_msg2xfrm_state() is not
initialized to 0, kernel heap data can be leaked.

Fix with kzalloc() to prevent this.

Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 20ab8432

net/key/af_key.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1261,7 +1261,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
		const struct sadb_x_nat_t_type* n_type;
		struct xfrm_encap_tmpl *natt;

		x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
		x->encap = kzalloc(sizeof(*x->encap), GFP_KERNEL);
		if (!x->encap) {
		err = -ENOMEM;
		goto out;