From 02dac871e43bc4712eeaa734889a5ab32fa2f779 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Sun, 25 Oct 2015 15:11:52 +0000
Subject: [PATCH] do not expose nd6 randomid's to userland via ioctl. ok
 claudio mpi florian

---
 sys/netinet6/nd6.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index 2df9f8963ad..b40d1f4dcef 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: nd6.c,v 1.161 2015/10/25 15:01:59 mpi Exp $	*/
+/*	$OpenBSD: nd6.c,v 1.162 2015/10/25 15:11:52 deraadt Exp $	*/
 /*	$KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $	*/
 
 /*
@@ -1172,6 +1172,9 @@ nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp)
 	switch (cmd) {
 	case SIOCGIFINFO_IN6:
 		ndi->ndi = *ND_IFINFO(ifp);
+		memset(&ndi->ndi.randomseed0, 0, sizeof ndi->ndi.randomseed0);
+		memset(&ndi->ndi.randomseed1, 0, sizeof ndi->ndi.randomseed1);
+		memset(&ndi->ndi.randomid, 0, sizeof ndi->ndi.randomid);
 		break;
 	case SIOCSIFINFO_FLAGS:
 		ND_IFINFO(ifp)->flags = ndi->ndi.flags;
-- 
2.20.1