[PATCH 1/1] net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
Brad Figg
brad.figg at canonical.com
Thu Jun 8 13:41:15 UTC 2017
From: Avijit Kanti Das <avijitnsec at codeaurora.org>
CVE-2014-9900
memset() the structure ethtool_wolinfo that has padded bytes
but the padded bytes have not been zeroed out.
Change-Id: If3fd2d872a1b1ab9521d937b86a29fc468a8bbfe
Signed-off-by: Avijit Kanti Das <avijitnsec at codeaurora.org>
Signed-off-by: Brad Figg <brad.figg at canonical.com>
---
net/core/ethtool.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 23b3394..8fc6595 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -1160,11 +1160,13 @@ static int ethtool_reset(struct net_device *dev, char __user *useraddr)
static int ethtool_get_wol(struct net_device *dev, char __user *useraddr)
{
- struct ethtool_wolinfo wol = { .cmd = ETHTOOL_GWOL };
+ struct ethtool_wolinfo wol;
if (!dev->ethtool_ops->get_wol)
return -EOPNOTSUPP;
+ memset(&wol, 0, sizeof(struct ethtool_wolinfo));
+ wol.cmd = ETHTOOL_GWOL;
dev->ethtool_ops->get_wol(dev, &wol);
if (copy_to_user(useraddr, &wol, sizeof(wol)))
--
2.7.4
More information about the kernel-team
mailing list