From mboxrd@z Thu Jan 1 00:00:00 1970
From: Kangjie Lu
Subject: [PATCH] fix infoleak in rtnetlink
Date: Tue, 3 May 2016 16:46:24 -0400
Message-ID: <1462308384-6315-1-git-send-email-kjlu@gatech.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: sfeldma@gmail.com, roopa@cumulusnetworks.com, jiri@mellanox.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, taesoo@gatech.edu, insu@gatech.edu, Kangjie Lu
To: davem@davemloft.net
Return-path:
Received: from mail-yw0-f169.google.com ([209.85.161.169]:36312 "EHLO mail-yw0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756446AbcECUnX (ORCPT ); Tue, 3 May 2016 16:43:23 -0400
Sender: netdev-owner@vger.kernel.org
List-ID:

The stack object “map” has a total size of 32 bytes. Its last 4 bytes are padding generated by compiler. These padding bytes are not initialized and sent out via “nla_put”.

Signed-off-by: Kangjie Lu
--- net/core/rtnetlink.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index a75f7e9..65763c2 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1180,14 +1180,16 @@ static noinline_for_stack int rtnl_fill_vfinfo(= struct sk_buff *skb, =20 static int rtnl_fill_link_ifmap(struct sk_buff *skb, struct net_device= *dev) { - struct rtnl_link_ifmap map =3D { - .mem_start =3D dev->mem_start, - .mem_end =3D dev->mem_end, - .base_addr =3D dev->base_addr, - .irq =3D dev->irq, - .dma =3D dev->dma, - .port =3D dev->if_port, - }; + struct rtnl_link_ifmap map; + + memset(&map, 0, sizeof(map)); + map.mem_start =3D dev->mem_start; + map.mem_end =3D dev->mem_end; + map.base_addr =3D dev->base_addr; + map.irq =3D dev->irq; + map.dma =3D dev->dma; + map.port =3D dev->if_port; + if (nla_put(skb, IFLA_MAP, sizeof(map), &map)) return -EMSGSIZE; =20 --=20 1.9.1
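
Review bot: the memset(&map, 0, sizeof(map)) added at the top of rtnl_fill_link_ifmap() carries no comment explaining why it replaces the designated initializer, so a later cleanup could restore the initializer and bring back the uninitialized padding that nla_put(skb, IFLA_MAP, sizeof(map), &map) copies out in full. Suggest a one-line comment above the memset stating that struct rtnl_link_ifmap contains compiler padding which must be zeroed before the whole structure is copied into the netlink message. The changelog could also name rtnl_fill_link_ifmap() and the IFLA_MAP attribute, so the leaking path can be found without reading the hunk.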