| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161013084528.GA16198@mwanda>
Date: Thu, 13 Oct 2016 11:45:28 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: "David S. Miller" <davem@...emloft.net>,
Moshe Shemesh <moshe@...lanox.com>
Cc: Roopa Prabhu <roopa@...ulusnetworks.com>,
Nicolas Dichtel <nicolas.dichtel@...nd.com>,
Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
Eric Dumazet <edumazet@...gle.com>,
Hannes Frederic Sowa <hannes@...essinduktion.org>,
Nogah Frankel <nogahf@...lanox.com>,
Brenden Blanco <bblanco@...mgrid.com>, netdev@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: [patch -next] net: rtnl: info leak in rtnl_fill_vfinfo()
The "vf_vlan_info" struct ends with a 2 byte struct hole so we have to
memset it to ensure that no stack information is revealed to user space.
Fixes: 79aab093a0b5 ('net: Update API for VF vlan protocol 802.1ad support')
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index b06d2f4..fb7348f 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1144,6 +1144,8 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
if (dev->netdev_ops->ndo_get_vf_config(dev, vfs_num, &ivi))
return 0;
+ memset(&vf_vlan_info, 0, sizeof(vf_vlan_info));
+
vf_mac.vf =
vf_vlan.vf =
vf_vlan_info.vf =
Powered by blists - more mailing lists