From: Ben Hutchings <ben@decadent.org.uk>
To: Kangjie Lu <kangjielu@gmail.com>, davem@davemloft.net
Cc: kan.liang@intel.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, taesoo@gatech.edu,
csong84@gatech.edu, Kangjie Lu <kjlu@gatech.edu>
Subject: Re: [PATCH] ethtool: fix a kernel infoleak in ethtool_get_pauseparam
Date: Wed, 01 Jun 2016 18:14:24 +0100
Message-ID: <1464801264.2847.76.camel@decadent.org.uk>
In-Reply-To: <1464791961-8169-1-git-send-email-kjlu@gatech.edu>
On Wed, 2016-06-01 at 16:39 +0200, Kangjie Lu wrote:
> The field autoneg of pauseparam is not initialized in some
> implementations of get_pauseparam(),

Nonsense. The current implementation initialises all fields. (If
there was padding in the structure, this change would be needed to
guarantee that the padding was initialised. But there isn't.)

Ben.

> but the whole object is
> copied to userland.
>
> Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
> ---
> net/core/ethtool.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/net/core/ethtool.c b/net/core/ethtool.c
> index f426c5a..84544bd 100644
> --- a/net/core/ethtool.c
> +++ b/net/core/ethtool.c
> @@ -1723,7 +1723,10 @@ static noinline_for_stack int
> ethtool_set_channels(struct net_device *dev,
>
> static int ethtool_get_pauseparam(struct net_device *dev, void
> __user *useraddr)
> {
> - struct ethtool_pauseparam pauseparam = { ETHTOOL_GPAUSEPARAM
> };
> + struct ethtool_pauseparam pauseparam;
> +
> + memset(&pauseparam, 0, sizeof(pauseparam));
> + pauseparam.cmd = ETHTOOL_GPAUSEPARAM;
>
> if (!dev->ethtool_ops->get_pauseparam)
> return -EOPNOTSUPP;
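
Review bot: The removed line `struct ethtool_pauseparam pauseparam = { ETHTOOL_GPAUSEPARAM };` already zero-initialises every named member that the initialiser does not list, autoneg included, so the commit message's claim that autoneg can reach userland uninitialised does not follow from this hunk. The memset() only changes behaviour for padding bytes, and nothing in the visible lines shows that the structure has any. Either drop the change, or reword the commit message to say it is about padding and show the layout that contains it.
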
--
Ben Hutchings
To err is human; to really foul things up requires a computer.
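
The distinction drawn in the reply above (named members versus padding), as an added example that is not part of the original thread or the kernel source. It assumes struct ethtool_pauseparam consists of four 32-bit fields (cmd, autoneg, rx_pause, tx_pause); `pauseparam_like`, `padded_like` and `CMD_PLACEHOLDER` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for ETHTOOL_GPAUSEPARAM. */
#define CMD_PLACEHOLDER 0x12u

/* Assumed layout of struct ethtool_pauseparam: four 32-bit fields. */
struct pauseparam_like {
    uint32_t cmd;
    uint32_t autoneg;
    uint32_t rx_pause;
    uint32_t tx_pause;
};

/* Constructed counter-example: a u8 before a u32 forces padding. */
struct padded_like {
    uint32_t cmd;
    uint8_t  flag;
    uint32_t value;
};

/* Bytes in each struct that belong to no named member. */
size_t pauseparam_padding(void)
{
    return sizeof(struct pauseparam_like) - 4 * sizeof(uint32_t);
}

size_t padded_padding(void)
{
    return sizeof(struct padded_like)
         - (2 * sizeof(uint32_t) + sizeof(uint8_t));
}

/* A partial initializer zeroes every named member it does not list. */
int unlisted_members_are_zero(void)
{
    struct pauseparam_like p = { CMD_PLACEHOLDER };

    return p.cmd == CMD_PLACEHOLDER && p.autoneg == 0 &&
           p.rx_pause == 0 && p.tx_pause == 0;
}

/* Compile-time guard: the build fails if the layout ever gains padding. */
_Static_assert(sizeof(struct pauseparam_like) == 4 * sizeof(uint32_t),
               "pauseparam_like has padding; zero it before copying out");

int main(void)
{
    printf("pauseparam_like padding: %zu bytes\n", pauseparam_padding());
    printf("padded_like padding:     %zu bytes\n", padded_padding());
    printf("unlisted members zero:   %d\n", unlisted_members_are_zero());
    return 0;
}
```

Only a struct like `padded_like` needs memset() before being copied to userland, because an initializer list gives no guarantee about padding bytes.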