This is a note to let you know that I've just added the patch titled
rtnl: fix info leak on RTM_GETLINK request for VF devices
to the 3.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
rtnl-fix-info-leak-on-rtm_getlink-request-for-vf-devices.patch
and it can be found in the queue-3.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 1088cedd7b5a08f7000c81716c9c53aca2c343d7 Mon Sep 17 00:00:00 2001
From: Mathias Krause <[email protected]>
Date: Sat, 9 Mar 2013 05:52:20 +0000
Subject: rtnl: fix info leak on RTM_GETLINK request for VF devices
From: Mathias Krause <[email protected]>
[ Upstream commit 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 ]
Initialize the mac address buffer with 0 as the driver specific function
will probably not fill the whole buffer. In fact, all in-kernel drivers
fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
bytes. Therefore we currently leak 26 bytes of stack memory to userland
via the netlink interface.
Signed-off-by: Mathias Krause <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/core/rtnetlink.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -975,6 +975,7 @@ static int rtnl_fill_ifinfo(struct sk_bu
* report anything.
*/
ivi.spoofchk = -1;
+ memset(ivi.mac, 0, sizeof(ivi.mac));
if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
break;
vf_mac.vf =
Patches currently in stable-queue which might be from [email protected] are
queue-3.4/dcbnl-fix-various-netlink-info-leaks.patch
queue-3.4/rtnl-fix-info-leak-on-rtm_getlink-request-for-vf-devices.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
