mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 05:35:54 +00:00
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
From 5f8e44741f9f216e33736ea4ec65ca9ac03036e6 Mon Sep 17 00:00:00 2001
|
|
From: Kangjie Lu <kangjielu@gmail.com>
|
|
Date: Tue, 3 May 2016 16:46:24 -0400
|
|
Subject: net: fix infoleak in rtnetlink
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
The stack object “map” has a total size of 32 bytes. Its last 4
|
|
bytes are padding generated by compiler. These padding bytes are
|
|
not initialized and sent out via “nla_put”.
|
|
|
|
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
---
|
|
net/core/rtnetlink.c | 18 ++++++++++--------
|
|
1 file changed, 10 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
|
|
index a75f7e9..65763c2 100644
|
|
--- a/net/core/rtnetlink.c
|
|
+++ b/net/core/rtnetlink.c
|
|
@@ -1180,14 +1180,16 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
|
|
|
|
static int rtnl_fill_link_ifmap(struct sk_buff *skb, struct net_device *dev)
|
|
{
|
|
- struct rtnl_link_ifmap map = {
|
|
- .mem_start = dev->mem_start,
|
|
- .mem_end = dev->mem_end,
|
|
- .base_addr = dev->base_addr,
|
|
- .irq = dev->irq,
|
|
- .dma = dev->dma,
|
|
- .port = dev->if_port,
|
|
- };
|
|
+ struct rtnl_link_ifmap map;
|
|
+
|
|
+ memset(&map, 0, sizeof(map));
|
|
+ map.mem_start = dev->mem_start;
|
|
+ map.mem_end = dev->mem_end;
|
|
+ map.base_addr = dev->base_addr;
|
|
+ map.irq = dev->irq;
|
|
+ map.dma = dev->dma;
|
|
+ map.port = dev->if_port;
|
|
+
|
|
if (nla_put(skb, IFLA_MAP, sizeof(map), &map))
|
|
return -EMSGSIZE;
|
|
|
|
--
|
|
cgit v1.1
|
|
|