34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From 322aa953dd5565d1029a18d5bda0bd25a0dbb4bb Mon Sep 17 00:00:00 2001
|
|
From: Mathias Krause <minipli@googlemail.com>
|
|
Date: Sat, 9 Mar 2013 05:52:20 +0000
|
|
Subject: rtnl: fix info leak on RTM_GETLINK request for VF devices
|
|
|
|
|
|
From: Mathias Krause <minipli@googlemail.com>
|
|
|
|
[ Upstream commit 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 ]
|
|
|
|
Initialize the mac address buffer with 0 as the driver specific function
|
|
will probably not fill the whole buffer. In fact, all in-kernel drivers
|
|
fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
|
|
bytes. Therefore we currently leak 26 bytes of stack memory to userland
|
|
via the netlink interface.
|
|
|
|
Signed-off-by: Mathias Krause <minipli@googlemail.com>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
---
|
|
net/core/rtnetlink.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
--- a/net/core/rtnetlink.c
|
|
+++ b/net/core/rtnetlink.c
|
|
@@ -976,6 +976,7 @@ static int rtnl_fill_ifinfo(struct sk_bu
|
|
* report anything.
|
|
*/
|
|
ivi.spoofchk = -1;
|
|
+ memset(ivi.mac, 0, sizeof(ivi.mac));
|
|
if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
|
|
break;
|
|
vf_mac.vf =
|