Commit 84d73cd3 authored by Mathias Krause's avatar Mathias Krause Committed by David S. Miller

rtnl: fix info leak on RTM_GETLINK request for VF devices

Initialize the mac address buffer with 0 as the driver specific function
will probably not fill the whole buffer. In fact, all in-kernel drivers
fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
bytes. Therefore we currently leak 26 bytes of stack memory to userland
via the netlink interface.
Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c085c499
...@@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, ...@@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
* report anything. * report anything.
*/ */
ivi.spoofchk = -1; ivi.spoofchk = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
break; break;
vf_mac.vf = vf_mac.vf =
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment