rtnl: fix info leak on RTM_GETLINK request for VF devices

[ Upstream commit 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 ] Initialize the mac address buffer with 0 as the driver specific function will probably not fill the whole buffer. In fact, all in-kernel drivers fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible bytes. Therefore we currently leak 26 bytes of stack memory to userland via the netlink interface. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Mathias Krause <minipli@googlemail.com> 2013-03-09 05:52:20 +0000
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-03-20 13:05:02 -0700
commit: 78d3a467490d72c699393947f1e566fa28672947 (patch)
tree: cee705e2e0e50ff854f4e6932d969379776999e2 /net
parent: 47d7ed18c33cc4e9cba603c7ca776c40037ae842 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 900fc6162c4..da7b3a5592d 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -975,6 +975,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
 			 * report anything.
 			 */
 			ivi.spoofchk = -1;
+			memset(ivi.mac, 0, sizeof(ivi.mac));
 			if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
 				break;
 			vf_mac.vf =
author	Mathias Krause <minipli@googlemail.com>	2013-03-09 05:52:20 +0000
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-03-20 13:05:02 -0700
commit	78d3a467490d72c699393947f1e566fa28672947 (patch)
tree	cee705e2e0e50ff854f4e6932d969379776999e2 /net
parent	47d7ed18c33cc4e9cba603c7ca776c40037ae842 (diff)