summaryrefslogtreecommitdiff
path: root/net/core/rtnetlink.c
diff options
context:
space:
mode:
authorMathias Krause <minipli@googlemail.com>2013-03-09 09:52:20 +0400
committerDavid S. Miller <davem@davemloft.net>2013-03-10 13:19:26 +0400
commit84d73cd3fb142bf1298a8c13fd4ca50fd2432372 (patch)
tree8575649889787ab0ba141927e4e1d3c1d0c43f68 /net/core/rtnetlink.c
parentc085c49920b2f900ba716b4ca1c1a55ece9872cc (diff)
downloadlinux-84d73cd3fb142bf1298a8c13fd4ca50fd2432372.tar.xz
rtnl: fix info leak on RTM_GETLINK request for VF devices
Initialize the mac address buffer with 0 as the driver specific function will probably not fill the whole buffer. In fact, all in-kernel drivers fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible bytes. Therefore we currently leak 26 bytes of stack memory to userland via the netlink interface. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core/rtnetlink.c')
-rw-r--r--net/core/rtnetlink.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index b376410ff259..a585d45cc9d9 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
* report anything.
*/
ivi.spoofchk = -1;
+ memset(ivi.mac, 0, sizeof(ivi.mac));
if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
break;
vf_mac.vf =