rtnl: fix info leak on RTM_GETLINK request for VF devices
Initialize the mac address buffer with 0 as the driver specific function will probably not fill the whole buffer. In fact, all in-kernel drivers fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible bytes. Therefore we currently leak 26 bytes of stack memory to userland via the netlink interface. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
c085c49920
commit
84d73cd3fb
|
@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
|
|||
* report anything.
|
||||
*/
|
||||
ivi.spoofchk = -1;
|
||||
memset(ivi.mac, 0, sizeof(ivi.mac));
|
||||
if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
|
||||
break;
|
||||
vf_mac.vf =
|
||||
|
|
Loading…
Reference in New Issue