| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Aug 2016 07:06:24 -0700
From: Joe Perches <joe@...ches.com>
To: Luis Henriques <luis.henriques@...onical.com>,
Avijit Kanti Das <avijitnsec@...eaurora.org>
Cc: "David S . Miller" <davem@...emloft.net>,
Ben Hutchings <ben@...adent.org.uk>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
On Tue, 2016-08-23 at 14:41 +0100, Luis Henriques wrote:
> From: Avijit Kanti Das <avijitnsec@...eaurora.org>
>
> memset() the structure ethtool_wolinfo that has padded bytes
> but the padded bytes have not been zeroed out.
I expect there are more of these in the kernel tree.
While this patch is strictly true and the behavior is not
guaranteed by spec, what compilers do not memset then set
the specified member? Every time I've looked, gcc does.
> diff --git a/net/core/ethtool.c b/net/core/ethtool.c
[]
> @@ -1435,11 +1435,13 @@ static int ethtool_reset(struct net_device *dev, char __user *useraddr)
>
> static int ethtool_get_wol(struct net_device *dev, char __user *useraddr)
> {
> - struct ethtool_wolinfo wol = { .cmd = ETHTOOL_GWOL };
> + struct ethtool_wolinfo wol;
>
> if (!dev->ethtool_ops->get_wol)
> return -EOPNOTSUPP;
>
> + memset(&wol, 0, sizeof(struct ethtool_wolinfo));
> + wol.cmd = ETHTOOL_GWOL;
> dev->ethtool_ops->get_wol(dev, &wol);
>
> if (copy_to_user(useraddr, &wol, sizeof(wol)))
Powered by blists - more mailing lists