Patchwork [3.5.y.z,extended,stable] Patch "rtnl: fix info leak on RTM_GETLINK request for VF devices" has been added to staging queue

Submitter Luis Henriques
Date March 20, 2013, 10:44 a.m.
Message ID <>
Permalink /patch/229340/
State New


Luis Henriques - March 20, 2013, 10:44 a.m.
This is a note to let you know that I have just added a patch titled

    rtnl: fix info leak on RTM_GETLINK request for VF devices

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



From 4309466c9a5c52702c2c3ece6ceb9f7f0afb0640 Mon Sep 17 00:00:00 2001
From: Mathias Krause <>
Date: Sat, 9 Mar 2013 05:52:20 +0000
Subject: [PATCH] rtnl: fix info leak on RTM_GETLINK request for VF devices

commit 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 upstream.

Initialize the mac address buffer with 0 as the driver specific function
will probably not fill the whole buffer. In fact, all in-kernel drivers
fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
bytes. Therefore we currently leak 26 bytes of stack memory to userland
via the netlink interface.

Signed-off-by: Mathias Krause <>
Signed-off-by: David S. Miller <>
Signed-off-by: Luis Henriques <>
 net/core/rtnetlink.c | 1 +
 1 file changed, 1 insertion(+)



diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 6c50ac0..8f37bec 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -981,6 +981,7 @@  static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
 			 * report anything.
 			ivi.spoofchk = -1;
+			memset(ivi.mac, 0, sizeof(ivi.mac));
 			if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
 			vf_mac.vf =
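
Review bot: The added memset in rtnl_fill_ifinfo clears only ivi.mac, and the only other field this hunk shows being set before ndo_get_vf_config(dev, i, &ivi) is ivi.spoofchk. If any remaining field of ivi is copied into the netlink reply without the driver having written it, the same kind of stack disclosure remains; consider zeroing the whole structure with memset(&ivi, 0, sizeof(ivi)) ahead of the ivi.spoofchk = -1 assignment, so that the default still survives. A short comment on the memset saying that drivers fill only ETH_ALEN of the MAX_ADDR_LEN bytes would also keep it from being dropped as redundant later.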
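
The leak described in the commit message, reproduced as a user-space simulation that counts the stale bytes with and without the memset. This is an added example, not code from the patch or the kernel: `struct vf_info`, `fake_get_vf_config`, `stale_bytes_in_reply` and the 0xAA poison byte are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ETH_ALEN      6   /* bytes a driver actually writes */
#define MAX_ADDR_LEN 32   /* size of the mac buffer that is copied out */

/* Reduced stand-in for the VF info structure (assumption: mac field only). */
struct vf_info { unsigned char mac[MAX_ADDR_LEN]; };

/* Hypothetical driver callback: as the commit message says of the in-kernel
 * drivers, it fills only the first ETH_ALEN bytes of the buffer. */
static int fake_get_vf_config(struct vf_info *ivi)
{
    static const unsigned char addr[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x01};
    memcpy(ivi->mac, addr, ETH_ALEN);
    return 0;
}

/* Builds a reply from the full mac buffer and returns how many stale bytes
 * it carries. 0xAA is a constructed poison value standing in for whatever
 * was left on the stack by earlier calls. */
int stale_bytes_in_reply(int zero_first)
{
    struct vf_info ivi;
    unsigned char reply[MAX_ADDR_LEN];
    int i, stale = 0;

    memset(&ivi, 0xAA, sizeof(ivi));          /* simulate a dirty stack slot */
    if (zero_first)
        memset(ivi.mac, 0, sizeof(ivi.mac));  /* the one-line fix */
    if (fake_get_vf_config(&ivi))
        return -1;
    memcpy(reply, ivi.mac, sizeof(reply));    /* all MAX_ADDR_LEN bytes go out */
    for (i = ETH_ALEN; i < MAX_ADDR_LEN; i++)
        if (reply[i] == 0xAA)
            stale++;
    return stale;
}

int main(void)
{
    printf("without memset: %d stale bytes\n", stale_bytes_in_reply(0));
    printf("with memset:    %d stale bytes\n", stale_bytes_in_reply(1));
    return 0;
}
```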