appletalk: aarp: zero-initialize aarp_entry to prevent heap info leak - lwn.git - Linux kernel documentation tree maintained by Jonathan Corbet

diff options

author	Yizhou Zhao <zhaoyz24@mails.tsinghua.edu.cn>	2026-05-29 18:50:16 +0800
committer	Jakub Kicinski <kuba@kernel.org>	2026-06-03 18:08:58 -0700
commit	2cdeaba5a1087f0f83e56729ea5c730b498639d9 (patch)
tree	5033a799153cb7c5a70ff49c1e1df4a65bb90a54 /drivers/net
parent	56d0885514491e5ed8f7593400879ab77c52504c (diff)
download	lwn-2cdeaba5a1087f0f83e56729ea5c730b498639d9.tar.gz lwn-2cdeaba5a1087f0f83e56729ea5c730b498639d9.zip

appletalk: aarp: zero-initialize aarp_entry to prevent heap info leak

aarp_alloc() allocates struct aarp_entry without zeroing it, but only initializes refcnt and packet_queue. When an unresolved AARP entry is created, hwaddr[ETH_ALEN] is left uninitialized. aarp_seq_show() later prints this field with %pM when users read /proc/net/atalk/arp. This can expose 6 bytes of stale heap data for each unresolved entry. Fix this by zero-initializing struct aarp_entry at allocation time. Reported-by: Yizhou Zhao <zhaoyz24@mails.tsinghua.edu.cn> Reported-by: Yuxiang Yang <yangyx22@mails.tsinghua.edu.cn> Reported-by: Ao Wang <wangao@seu.edu.cn> Reported-by: Xuewei Feng <fengxw06@126.com> Reported-by: Qi Li <qli01@tsinghua.edu.cn> Reported-by: Ke Xu <xuke@tsinghua.edu.cn> Signed-off-by: Yizhou Zhao <zhaoyz24@mails.tsinghua.edu.cn> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20260529105017.81531-1-zhaoyz24@mails.tsinghua.edu.cn Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'drivers/net')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: