diff options
author | Mathias Krause <minipli@googlemail.com> | 2013-03-09 06:52:20 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-03-10 10:19:26 +0100 |
commit | 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 (patch) | |
tree | 8575649889787ab0ba141927e4e1d3c1d0c43f68 | |
parent | bridge: fix mdb info leaks (diff) | |
download | linux-84d73cd3fb142bf1298a8c13fd4ca50fd2432372.tar.xz linux-84d73cd3fb142bf1298a8c13fd4ca50fd2432372.zip |
rtnl: fix info leak on RTM_GETLINK request for VF devices
Initialize the mac address buffer with 0 as the driver specific function
will probably not fill the whole buffer. In fact, all in-kernel drivers
fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
bytes. Therefore we currently leak 26 bytes of stack memory to userland
via the netlink interface.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/core/rtnetlink.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index b376410ff259..a585d45cc9d9 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, * report anything. */ ivi.spoofchk = -1; + memset(ivi.mac, 0, sizeof(ivi.mac)); if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) break; vf_mac.vf = |