2.6.27-stable review patch. If anyone has any objections, please let us know.
------------------ From: Kees Cook <[email protected]> [ Upstream commit b00916b189d13a615ff05c9242201135992fcda3 ] Several other ethtool functions leave heap uncleared (potentially) by drivers. Some interfaces appear safe (eeprom, etc), in that the sizes are well controlled. In some situations (e.g. unchecked error conditions), the heap will remain unchanged in areas before copying back to userspace. Note that these are less of an issue since these all require CAP_NET_ADMIN. Cc: [email protected] Signed-off-by: Kees Cook <[email protected]> Acked-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- net/core/ethtool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/ethtool.c +++ b/net/core/ethtool.c @@ -256,7 +256,7 @@ static int ethtool_get_regs(struct net_d if (regs.len > reglen) regs.len = reglen; - regbuf = kmalloc(reglen, GFP_USER); + regbuf = kzalloc(reglen, GFP_USER); if (!regbuf) return -ENOMEM; _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
