projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 8002656c GKH |
1 | From 322aa953dd5565d1029a18d5bda0bd25a0dbb4bb Mon Sep 17 00:00:00 2001 |
| 2 | From: Mathias Krause <minipli@googlemail.com> | |
| 3 | Date: Sat, 9 Mar 2013 05:52:20 +0000 | |
| 4 | Subject: rtnl: fix info leak on RTM_GETLINK request for VF devices | |
| 5 | ||
| 6 | ||
| 7 | From: Mathias Krause <minipli@googlemail.com> | |
| 8 | ||
| 9 | [ Upstream commit 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 ] | |
| 10 | ||
| 11 | Initialize the mac address buffer with 0 as the driver specific function | |
| 12 | will probably not fill the whole buffer. In fact, all in-kernel drivers | |
| 13 | fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible | |
| 14 | bytes. Therefore we currently leak 26 bytes of stack memory to userland | |
| 15 | via the netlink interface. | |
| 16 | ||
| 17 | Signed-off-by: Mathias Krause <minipli@googlemail.com> | |
| 18 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
| 19 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 20 | --- | |
| 21 | net/core/rtnetlink.c | 1 + | |
| 22 | 1 file changed, 1 insertion(+) | |
| 23 | ||
| 24 | --- a/net/core/rtnetlink.c | |
| 25 | +++ b/net/core/rtnetlink.c | |
| 26 | @@ -976,6 +976,7 @@ static int rtnl_fill_ifinfo(struct sk_bu | |
| 27 | * report anything. | |
| 28 | */ | |
| 29 | ivi.spoofchk = -1; | |
| 30 | + memset(ivi.mac, 0, sizeof(ivi.mac)); | |
| 31 | if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) | |
| 32 | break; | |
| 33 | vf_mac.vf = |