| Message ID | 1363776253-5603-1-git-send-email-luis.henriques@canonical.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 6c50ac0..8f37bec 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -981,6 +981,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, * report anything. */ ivi.spoofchk = -1; + memset(ivi.mac, 0, sizeof(ivi.mac)); if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) break; vf_mac.vf =
This is a note to let you know that I have just added a patch titled rtnl: fix info leak on RTM_GETLINK request for VF devices to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Luis ------ From 4309466c9a5c52702c2c3ece6ceb9f7f0afb0640 Mon Sep 17 00:00:00 2001 From: Mathias Krause <minipli@googlemail.com> Date: Sat, 9 Mar 2013 05:52:20 +0000 Subject: [PATCH] rtnl: fix info leak on RTM_GETLINK request for VF devices commit 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 upstream. Initialize the mac address buffer with 0 as the driver specific function will probably not fill the whole buffer. In fact, all in-kernel drivers fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible bytes. Therefore we currently leak 26 bytes of stack memory to userland via the netlink interface. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> --- net/core/rtnetlink.c | 1 + 1 file changed, 1 insertion(+) -- 1.8.1.2