Skip to content

Commit

Permalink
rtnl: fix info leak on RTM_GETLINK request for VF devices
Browse files Browse the repository at this point in the history 
Initialize the mac address buffer with 0 as the driver specific function
will probably not fill the whole buffer. In fact, all in-kernel drivers
fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
bytes. Therefore we currently leak 26 bytes of stack memory to userland
via the netlink interface.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Mathias Krause authored and David S. Miller committed Mar 10, 2013
1 parent c085c49 commit 84d73cd
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/core/rtnetlink.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
* report anything.
*/
ivi.spoofchk = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
break;
vf_mac.vf =
Expand Down

0 comments on commit 84d73cd

Please sign in to comment.