| From ebcf45f4df87fd1fdae125112adf0ab8b5f6c422 Mon Sep 17 00:00:00 2001 |
| From: Jeff Mahoney <jeffm@suse.com> |
| Date: Tue, 31 Aug 2010 13:21:42 +0000 |
| Subject: [PATCH] net sched: fix kernel leak in act_police |
| |
| commit 0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e upstream. |
| |
| While reviewing commit 1c40be12f7d8ca1d387510d39787b12e512a7ce8, I |
| audited other users of tc_action_ops->dump for information leaks. |
| |
| That commit covered almost all of them but act_police still had a leak. |
| |
| opt.limit and opt.capab aren't zeroed out before the structure is |
| passed out. |
| |
| This patch uses the C99 initializers to zero everything unused out. |
| |
| Signed-off-by: Jeff Mahoney <jeffm@suse.com> |
| Acked-by: Jeff Mahoney <jeffm@suse.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/net/sched/act_police.c b/net/sched/act_police.c |
| index 654f73d..bf93162 100644 |
| --- a/net/sched/act_police.c |
| +++ b/net/sched/act_police.c |
| @@ -341,22 +341,19 @@ tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) |
| { |
| unsigned char *b = skb_tail_pointer(skb); |
| struct tcf_police *police = a->priv; |
| - struct tc_police opt; |
| - |
| - opt.index = police->tcf_index; |
| - opt.action = police->tcf_action; |
| - opt.mtu = police->tcfp_mtu; |
| - opt.burst = police->tcfp_burst; |
| - opt.refcnt = police->tcf_refcnt - ref; |
| - opt.bindcnt = police->tcf_bindcnt - bind; |
| + struct tc_police opt = { |
| + .index = police->tcf_index, |
| + .action = police->tcf_action, |
| + .mtu = police->tcfp_mtu, |
| + .burst = police->tcfp_burst, |
| + .refcnt = police->tcf_refcnt - ref, |
| + .bindcnt = police->tcf_bindcnt - bind, |
| + }; |
| + |
| if (police->tcfp_R_tab) |
| opt.rate = police->tcfp_R_tab->rate; |
| - else |
| - memset(&opt.rate, 0, sizeof(opt.rate)); |
| if (police->tcfp_P_tab) |
| opt.peakrate = police->tcfp_P_tab->rate; |
| - else |
| - memset(&opt.peakrate, 0, sizeof(opt.peakrate)); |
| NLA_PUT(skb, TCA_POLICE_TBF, sizeof(opt), &opt); |
| if (police->tcfp_result) |
| NLA_PUT_U32(skb, TCA_POLICE_RESULT, police->tcfp_result); |
| -- |
| 1.7.4.4 |
| |