ipv6: Use memset_after() to zero rt6_info

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.

Use memset_after() to clear everything after the dst_entry member of
struct rt6_info.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 5e8f2f15607db7e6589b8bdb984e62512ad30589..ecc6df6592a87d6e8fcbccaf66aae136436dd601 100644 (file)
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -328,9 +328,7 @@ static const struct rt6_info ip6_blk_hole_entry_template = {
 
 static void rt6_info_init(struct rt6_info *rt)
 {
-       struct dst_entry *dst = &rt->dst;
-
-       memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
+       memset_after(rt, 0, dst);
        INIT_LIST_HEAD(&rt->rt6i_uncached);
 }