diff options
author | Dan Rosenberg <drosenberg@vsecurity.com> | 2010-09-15 11:43:04 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-09-16 21:54:59 -0700 |
commit | 44467187dc22fdd33a1a06ea0ba86ce20be3fe3c (patch) | |
tree | 5a05b2802aebe542ae5caeafd72161b4e9a3d726 | |
parent | 7011e660938fc44ed86319c18a5954e95a82ab3e (diff) | |
download | linux-44467187dc22fdd33a1a06ea0ba86ce20be3fe3c.tar.bz2 |
drivers/net/eql.c: prevent reading uninitialized stack memory
Fixed formatting (tabs and line breaks).
The EQL_GETMASTRCFG device ioctl allows unprivileged users to read 16
bytes of uninitialized stack memory, because the "master_name" member of
the master_config_t struct declared on the stack in eql_g_master_cfg()
is not altered or zeroed before being copied back to the user. This
patch takes care of it.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/eql.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/net/eql.c b/drivers/net/eql.c index dda2c7944da9..0cb1cf9cf4b0 100644 --- a/drivers/net/eql.c +++ b/drivers/net/eql.c @@ -555,6 +555,8 @@ static int eql_g_master_cfg(struct net_device *dev, master_config_t __user *mcp) equalizer_t *eql; master_config_t mc; + memset(&mc, 0, sizeof(master_config_t)); + if (eql_is_master(dev)) { eql = netdev_priv(dev); mc.max_slaves = eql->max_slaves; |