aboutsummaryrefslogtreecommitdiff
path: root/net/core
diff options
context:
space:
mode:
authorKees Cook <kees.cook@canonical.com>2010-10-07 10:03:48 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2011-03-21 12:43:41 -0700
commitc90039d59a6a4c8e675f44974a8d4affd4a55d8c (patch)
treec356c7d9a0ba1ec9d96359f5c341887e527512e1 /net/core
parentcedb14039c279adef0b250a636da323ac904f1df (diff)
net: clear heap allocation for ETHTOOL_GRXCLSRLALL
commit ae6df5f96a51818d6376da5307d773baeece4014 upstream. Calling ETHTOOL_GRXCLSRLALL with a large rule_cnt will allocate kernel heap without clearing it. For the one driver (niu) that implements it, it will leave the unused portion of heap unchanged and copy the full contents back to userspace. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net/core')
-rw-r--r--net/core/ethtool.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 310ba1c2808..fe41a5f26bb 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -258,7 +258,7 @@ static int ethtool_get_rxnfc(struct net_device *dev,
if (info.cmd == ETHTOOL_GRXCLSRLALL) {
if (info.rule_cnt > 0) {
if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32))
- rule_buf = kmalloc(info.rule_cnt * sizeof(u32),
+ rule_buf = kzalloc(info.rule_cnt * sizeof(u32),
GFP_USER);
if (!rule_buf)
return -ENOMEM;