Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0f04cfd0 authored by Jeff Mahoney's avatar Jeff Mahoney Committed by David S. Miller
Browse files

net sched: fix kernel leak in act_police 



While reviewing commit 1c40be12, I
 audited other users of tc_action_ops->dump for information leaks.

 That commit covered almost all of them but act_police still had a leak.

 opt.limit and opt.capab aren't zeroed out before the structure is
 passed out.

 This patch uses the C99 initializers to zero everything unused out.

Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
Acked-by: default avatarJeff Mahoney <jeffm@suse.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 78b620ce

net/sched/act_police.c

+9 −12
Original line number Diff line number Diff line
@@ -350,22 +350,19 @@ tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) 
{

	unsigned char *b = skb_tail_pointer(skb);

	struct tcf_police *police = a->priv;

	struct tc_police opt;



	opt.index = police->tcf_index;

	opt.action = police->tcf_action;

	opt.mtu = police->tcfp_mtu;

	opt.burst = police->tcfp_burst;

	opt.refcnt = police->tcf_refcnt - ref;

	opt.bindcnt = police->tcf_bindcnt - bind;

	struct tc_police opt = {

		.index = police->tcf_index,

		.action = police->tcf_action,

		.mtu = police->tcfp_mtu,

		.burst = police->tcfp_burst,

		.refcnt = police->tcf_refcnt - ref,

		.bindcnt = police->tcf_bindcnt - bind,

	};



	if (police->tcfp_R_tab)

		opt.rate = police->tcfp_R_tab->rate;

	else

		memset(&opt.rate, 0, sizeof(opt.rate));

	if (police->tcfp_P_tab)

		opt.peakrate = police->tcfp_P_tab->rate;

	else

		memset(&opt.peakrate, 0, sizeof(opt.peakrate));

	NLA_PUT(skb, TCA_POLICE_TBF, sizeof(opt), &opt);

	if (police->tcfp_result)

		NLA_PUT_U32(skb, TCA_POLICE_RESULT, police->tcfp_result);