Message ID | 20140523163721.GA14067@mwanda |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 23 May 2014 19:37:21 +0300

> This function is called from dcbnl_build_peer_app(). The "info"
> struct isn't initialized at all so we disclose 2 bytes of uninitialized
> stack data. We should clear it before passing it to the user.
>
> Fixes: 48365e485275 ('qlcnic: dcb: Add support for CEE Netlink interface.')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This is a static analysis patch, and I am not familiar with this code.
> We may want to put some useful information here, to go with the
> app_count.

I've applied this and queued it up for -stable, thanks Dan.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
> Sent: Friday, May 23, 2014 10:07 PM
> To: Shahed Shaikh; Sucheta Chakraborty
> Cc: Dept-HSG Linux NIC Dev; netdev; kernel-janitors@vger.kernel.org
> Subject: [patch] qlcnic: info leak in qlcnic_dcb_peer_app_info()
>
> This function is called from dcbnl_build_peer_app(). The "info"
> struct isn't initialized at all so we disclose 2 bytes of uninitialized
> stack data. We should clear it before passing it to the user.
>
> Fixes: 48365e485275 ('qlcnic: dcb: Add support for CEE Netlink
> interface.')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Acked-by: Sucheta Chakraborty <sucheta.chakraborty@qlogic.com>

Thanks,
Sucheta.

> ---
> This is a static analysis patch, and I am not familiar with this code.
> We may want to put some useful information here, to go with the
> app_count.
>
> diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > index a51fe18..561cb11 100644 > --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > @@ -1020,6 +1020,7 @@ static int qlcnic_dcb_peer_app_info(struct > net_device *netdev, > struct qlcnic_dcb_cee *peer; > int i; > > + memset(info, 0, sizeof(*info)); > *app_count = 0; > > if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state))

diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c index a51fe18..561cb11 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c @@ -1020,6 +1020,7 @@ static int qlcnic_dcb_peer_app_info(struct net_device *netdev, struct qlcnic_dcb_cee *peer; int i; + memset(info, 0, sizeof(*info)); *app_count = 0; if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state))
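Review bot: the memset() added ahead of `*app_count = 0;` stops the stack disclosure, but per the commit message nothing in qlcnic_dcb_peer_app_info() ever writes `info`, so after this change the caller always gets an all-zero struct alongside whatever `app_count` ends up being. Either fill `info` from the peer data (the note under `---` raises the same question) or add a one-line comment above the memset, for example `/* info is passed to the user by dcbnl_build_peer_app(); nothing here fills it */`, so the zeroing is documented as deliberate and is not later dropped as redundant.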

This function is called from dcbnl_build_peer_app(). The "info"
struct isn't initialized at all so we disclose 2 bytes of uninitialized
stack data. We should clear it before passing it to the user.

Fixes: 48365e485275 ('qlcnic: dcb: Add support for CEE Netlink interface.')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This is a static analysis patch, and I am not familiar with this code.
We may want to put some useful information here, to go with the
app_count.
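
The leak pattern described in the commit message, modelled in userspace C as an added example (not code from the patch or the qlcnic driver): the caller's stack slot is pre-filled with a poison byte so the bytes a callback leaves unwritten can be counted deterministically. The struct layout, the callback names and the 0xA5 poison value are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 2-byte stand-in for the "info" struct the caller hands to the driver. */
struct peer_app_info { uint8_t willing; uint8_t error; };
typedef int (*peer_info_cb)(struct peer_app_info *info, uint16_t *app_count);

/* Pre-fix shape: reports success but never writes *info. */
static int cb_unfixed(struct peer_app_info *info, uint16_t *app_count)
{
    (void)info;
    *app_count = 0;
    return 0;
}

/* Post-fix shape: clear the out-struct before anything else, as the patch does. */
static int cb_fixed(struct peer_app_info *info, uint16_t *app_count)
{
    memset(info, 0, sizeof(*info));
    *app_count = 0;
    return 0;
}

#define POISON 0xA5 /* constructed marker standing in for stale stack bytes */
/* Models the caller: poison the local, run the callback, copy the struct into
 * the reply buffer, then count reply bytes that still carry the poison. */
static size_t leaked_bytes(peer_info_cb cb, uint8_t *reply, size_t reply_len)
{
    struct peer_app_info info;
    uint16_t app_count;
    size_t i, leaked = 0;

    memset(&info, POISON, sizeof(info));
    if (cb(&info, &app_count) != 0 || reply_len < sizeof(info))
        return 0;
    memcpy(reply, &info, sizeof(info)); /* what would reach userspace */
    for (i = 0; i < sizeof(info); i++)
        leaked += (reply[i] == POISON);
    return leaked;
}

int main(void)
{
    uint8_t reply[sizeof(struct peer_app_info)];
    printf("unfixed: %zu leaked byte(s)\n", leaked_bytes(cb_unfixed, reply, sizeof(reply)));
    printf("fixed:   %zu leaked byte(s)\n", leaked_bytes(cb_fixed, reply, sizeof(reply)));
    return 0;
}
```

A callback that legitimately writes the value 0xA5 would be counted as a leak, so a harness like this should be run with two different poison values before a finding is trusted.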