| Submitter | Mathias Krause |
|---|---|
| Date | March 9, 2013, 3:52 p.m. |
| Message ID | <1362844341-12591-3-git-send-email-minipli@googlemail.com> |
| Download | mbox | patch |
| Permalink | /patch/226340/ |
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
Comments
Patch
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index b376410..a585d45 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, * report anything. */ ivi.spoofchk = -1; + memset(ivi.mac, 0, sizeof(ivi.mac)); if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) break; vf_mac.vf =
Initialize the mac address buffer with 0 as the driver specific function will probably not fill the whole buffer. In fact, all in-kernel drivers fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible bytes. Therefore we currently leak 26 bytes of stack memory to userland via the netlink interface. Signed-off-by: Mathias Krause <minipli@googlemail.com> --- net/core/rtnetlink.c | 1 + 1 file changed, 1 insertion(+)