net: dev_addr_init() fix
authorEric Dumazet <eric.dumazet@gmail.com>
Mon, 8 Jun 2009 03:49:24 +0000 (03:49 +0000)
committerDavid S. Miller <davem@davemloft.net>
Tue, 9 Jun 2009 12:11:42 +0000 (05:11 -0700)
commit f001fde5eadd915f4858d22ed70d7040f48767cf
(net: introduce a list of device addresses dev_addr_list (v6))
added one regression Vegard Nossum found in its testings.

With kmemcheck help, Vegard found some uninitialized memory
was read and reported to user, potentialy leaking kernel data.
( thread can be found on http://lkml.org/lkml/2009/5/30/177 )

dev_addr_init() incorrectly uses sizeof() operator. We were
initializing one byte instead of MAX_ADDR_LEN bytes.

Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/dev.c

index 4913089..81b392e 100644 (file)
@@ -3655,8 +3655,8 @@ static int dev_addr_init(struct net_device *dev)
        /* rtnl_mutex must be held here */
 
        INIT_LIST_HEAD(&dev->dev_addr_list);
-       memset(addr, 0, sizeof(*addr));
-       err = __hw_addr_add(&dev->dev_addr_list, NULL, addr, sizeof(*addr),
+       memset(addr, 0, sizeof(addr));
+       err = __hw_addr_add(&dev->dev_addr_list, NULL, addr, sizeof(addr),
                            NETDEV_HW_ADDR_T_LAN);
        if (!err) {
                /*