staging: slicoss: information leak in ETHTOOL_GSET
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 4 Apr 2013 06:29:42 +0000 (09:29 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 5 Apr 2013 21:17:00 +0000 (14:17 -0700)
There are some fields in "edata" which have not been cleared.  One
example is edata.cmd.  It leaks uninitialized stack information to the
user.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/slicoss/slicoss.c

index c8375a26816b2b1799c760c40e2a4e441f93713f..e4b82770ed39f68d747d1afe144c2273ed60a4bc 100644 (file)
@@ -3149,6 +3149,7 @@ static int slic_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
                        return -EFAULT;
 
                if (ecmd.cmd == ETHTOOL_GSET) {
+                       memset(&edata, 0, sizeof(edata));
                        edata.supported = (SUPPORTED_10baseT_Half |
                                           SUPPORTED_10baseT_Full |
                                           SUPPORTED_100baseT_Half |