)]}'
{
  "commit": "df0bca049d01c0ee94afb7cd5dfd959541e6c8da",
  "tree": "32df8eca11e248b8ae89d869a89bbd12a853f377",
  "parents": [
    "354b45fff90c3448c1eadabfad6ae7b8b8a2a237"
  ],
  "author": {
    "name": "Clément Lecigne",
    "email": "clement.lecigne@netasq.com",
    "time": "Thu Feb 12 16:59:09 2009 -0800"
  },
  "committer": {
    "name": "David S. Miller",
    "email": "davem@davemloft.net",
    "time": "Thu Feb 12 16:59:09 2009 -0800"
  },
  "message": "net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2\n\nIn function sock_getsockopt() located in net/core/sock.c, optval v.val\nis not correctly initialized and directly returned in userland in case\nwe have SO_BSDCOMPAT option set.\n\nThis dummy code should trigger the bug:\n\nint main(void)\n{\n\tunsigned char buf[4] \u003d { 0, 0, 0, 0 };\n\tint len;\n\tint sock;\n\tsock \u003d socket(33, 2, 2);\n\tgetsockopt(sock, 1, SO_BSDCOMPAT, \u0026buf, \u0026len);\n\tprintf(\"%x%x%x%x\\n\", buf[0], buf[1], buf[2], buf[3]);\n\tclose(sock);\n}\n\nHere is a patch that fix this bug by initalizing v.val just after its\ndeclaration.\n\nSigned-off-by: Clément Lecigne \u003cclement.lecigne@netasq.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f3a0d08cbb48389c67d36bafcf49fce1c0ace1ab",
      "old_mode": 33188,
      "old_path": "net/core/sock.c",
      "new_id": "6f2e1337975de8e09b079339f2c2819caddfa8ea",
      "new_mode": 33188,
      "new_path": "net/core/sock.c"
    }
  ]
}