This is a note to let you know that I've just added the patch titled
qlcnic: info leak in qlcnic_dcb_peer_app_info()
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
qlcnic-info-leak-in-qlcnic_dcb_peer_app_info.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From foo@baz Thu Jun 19 10:28:46 PDT 2014
From: Dan Carpenter <[email protected]>
Date: Fri, 23 May 2014 19:37:21 +0300
Subject: qlcnic: info leak in qlcnic_dcb_peer_app_info()
From: Dan Carpenter <[email protected]>
[ Upstream commit 7df566bbdd0af0785542b89466a937e94257fcfb ]
This function is called from dcbnl_build_peer_app(). The "info"
struct isn't initialized at all so we disclose 2 bytes of uninitialized
stack data. We should clear it before passing it to the user.
Fixes: 48365e485275 ('qlcnic: dcb: Add support for CEE Netlink interface.')
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
@@ -1022,6 +1022,7 @@ static int qlcnic_dcb_peer_app_info(stru
struct qlcnic_dcb_cee *peer;
int i;
+ memset(info, 0, sizeof(*info));
*app_count = 0;
if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state))
Patches currently in stable-queue which might be from [email protected]
are
queue-3.14/qlcnic-info-leak-in-qlcnic_dcb_peer_app_info.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
