diff options
| author | Kees Cook <kees.cook@canonical.com> | 2010-10-07 10:03:48 (GMT) |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-10-08 17:48:28 (GMT) |
| commit | ae6df5f96a51818d6376da5307d773baeece4014 (patch) | |
| tree | e696e82cc5a4df37f0d2d3fa25045a79646a0cce | |
| parent | 94b105723a3bfca45c75916423cd959ce71ed215 (diff) | |
| download | linux-fsl-qoriq-ae6df5f96a51818d6376da5307d773baeece4014.tar.xz | |
net: clear heap allocation for ETHTOOL_GRXCLSRLALL
Calling ETHTOOL_GRXCLSRLALL with a large rule_cnt will allocate kernel
heap without clearing it. For the one driver (niu) that implements it,
it will leave the unused portion of heap unchanged and copy the full
contents back to userspace.
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/core/ethtool.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/ethtool.c b/net/core/ethtool.c index 7a85367..4016ac6 100644 --- a/net/core/ethtool.c +++ b/net/core/ethtool.c @@ -348,7 +348,7 @@ static noinline_for_stack int ethtool_get_rxnfc(struct net_device *dev, if (info.cmd == ETHTOOL_GRXCLSRLALL) { if (info.rule_cnt > 0) { if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32)) - rule_buf = kmalloc(info.rule_cnt * sizeof(u32), + rule_buf = kzalloc(info.rule_cnt * sizeof(u32), GFP_USER); if (!rule_buf) return -ENOMEM; |