From: Jeff Mahoney <jeffm@suse.com>
To: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH] net sched: fix kernel leak in act_police
Date: Tue, 31 Aug 2010 19:24:10 -0400 [thread overview]
Message-ID: <4C7D8F1A.5050103@suse.com> (raw)
In-Reply-To: <4C7D8E86.6020705@suse.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2010 07:21 PM, Jeff Mahoney wrote:
> While reviewing commit 1c40be12f7d8ca1d387510d39787b12e512a7ce8, I
> audited other users of tc_action_ops->dump for information leaks.
>
> That commit covered almost all of them but act_police still had a leak.
>
> opt.limit and opt.capab aren't zeroed out before the structure is
> passed out.
>
> This patch uses the C99 initializers to zero everything unused out.
>
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> Acked-by: Jeff Mahoney <jeffm@suse.com>
Oops. Sorry about the Acked-by. I have a script that I use to rename
patches for inclusion in our trees and it tacks that on. This patch was
just pulled out of our master branch.
- -Jeff
> ---
> net/sched/act_police.c | 19 ++++++++-----------
> 1 file changed, 8 insertions(+), 11 deletions(-)
>
> --- a/net/sched/act_police.c
> +++ b/net/sched/act_police.c
> @@ -350,22 +350,19 @@ tcf_act_police_dump(struct sk_buff *skb,
> {
> unsigned char *b = skb_tail_pointer(skb);
> struct tcf_police *police = a->priv;
> - struct tc_police opt;
> + struct tc_police opt = {
> + .index = police->tcf_index,
> + .action = police->tcf_action,
> + .mtu = police->tcfp_mtu,
> + .burst = police->tcfp_burst,
> + .refcnt = police->tcf_refcnt - ref,
> + .bindcnt = police->tcf_bindcnt - bind,
> + };
>
> - opt.index = police->tcf_index;
> - opt.action = police->tcf_action;
> - opt.mtu = police->tcfp_mtu;
> - opt.burst = police->tcfp_burst;
> - opt.refcnt = police->tcf_refcnt - ref;
> - opt.bindcnt = police->tcf_bindcnt - bind;
> if (police->tcfp_R_tab)
> opt.rate = police->tcfp_R_tab->rate;
> - else
> - memset(&opt.rate, 0, sizeof(opt.rate));
> if (police->tcfp_P_tab)
> opt.peakrate = police->tcfp_P_tab->rate;
> - else
> - memset(&opt.peakrate, 0, sizeof(opt.peakrate));
> NLA_PUT(skb, TCA_POLICE_TBF, sizeof(opt), &opt);
> if (police->tcfp_result)
> NLA_PUT_U32(skb, TCA_POLICE_RESULT, police->tcfp_result);
- --
Jeff Mahoney
SUSE Labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iEYEARECAAYFAkx9jxoACgkQLPWxlyuTD7JckgCeLVlJwnVM/cIgIQlB3iNKcVU5
misAnRfgTTmi/pGqyb1xFVoysQSTABal
=S9mH
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2010-08-31 23:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-31 23:21 [PATCH] net sched: fix kernel leak in act_police Jeff Mahoney
2010-08-31 23:24 ` Jeff Mahoney [this message]
2010-09-01 21:29 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C7D8F1A.5050103@suse.com \
--to=jeffm@suse.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.