net: Zero ifla_vf_info in rtnl_fill_vfinfo()
authorMintz, Yuval <Yuval.Mintz@cavium.com>
Wed, 7 Jun 2017 18:00:33 +0000 (21:00 +0300)
committerDavid S. Miller <davem@davemloft.net>
Thu, 8 Jun 2017 14:58:02 +0000 (10:58 -0400)
Some of the structure's fields are not initialized by the
rtnetlink. If driver doesn't set those in ndo_get_vf_config(),
they'd leak memory to user.

Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
CC: Michal Schmidt <mschmidt@redhat.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/rtnetlink.c

index 9e2c0a7cb3256e8cb2af1d65aaf293db96b9a418..5e61456f6bc795cfb75db2d530eb3b1872c82989 100644 (file)
@@ -1124,6 +1124,8 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
        struct ifla_vf_mac vf_mac;
        struct ifla_vf_info ivi;
 
+       memset(&ivi, 0, sizeof(ivi));
+
        /* Not all SR-IOV capable drivers support the
         * spoofcheck and "RSS query enable" query.  Preset to
         * -1 so the user space tool can detect that the driver
@@ -1132,7 +1134,6 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
        ivi.spoofchk = -1;
        ivi.rss_query_en = -1;
        ivi.trusted = -1;
-       memset(ivi.mac, 0, sizeof(ivi.mac));
        /* The default value for VF link state is "auto"
         * IFLA_VF_LINK_STATE_AUTO which equals zero
         */