• Mathias Krause's avatar
    dcbnl: fix various netlink info leaks · 0e03cad4
    Mathias Krause authored
    commit 29cd8ae0 upstream.
    
    The dcb netlink interface leaks stack memory in various places:
    * perm_addr[] buffer is only filled at max with 12 of the 32 bytes but
      copied completely,
    * no in-kernel driver fills all fields of an IEEE 802.1Qaz subcommand,
      so we're leaking up to 58 bytes for ieee_ets structs, up to 136 bytes
      for ieee_pfc structs, etc.,
    * the same is true for CEE -- no in-kernel driver fills the whole
      struct,
    
    Prevent all of the above stack info leaks by properly initializing the
    buffers/structures involved.
    Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    [bwh: Backported to 2.6.32: no support for IEEE or CEE commands, so only
     deal with perm_addr]
    Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
    0e03cad4
dcbnl.c 32.3 KB