From: Jeff Mahoney <jeffm@suse•com>
To: "David S. Miller" <davem@davemloft•net>
Cc: Eric Dumazet <eric.dumazet@gmail•com>,
Network Development <netdev@vger•kernel.org>
Subject: Re: [PATCH] net sched: fix kernel leak in act_police
Date: Tue, 31 Aug 2010 19:24:10 -0400 [thread overview]
Message-ID: <4C7D8F1A.5050103@suse.com> (raw)
In-Reply-To: <4C7D8E86.6020705@suse.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2010 07:21 PM, Jeff Mahoney wrote:
> While reviewing commit 1c40be12f7d8ca1d387510d39787b12e512a7ce8, I
> audited other users of tc_action_ops->dump for information leaks.
>
> That commit covered almost all of them but act_police still had a leak.
>
> opt.limit and opt.capab aren't zeroed out before the structure is
> passed out.
>
> This patch uses the C99 initializers to zero everything unused out.
>
> Signed-off-by: Jeff Mahoney <jeffm@suse•com>
> Acked-by: Jeff Mahoney <jeffm@suse•com>
Oops. Sorry about the Acked-by. I have a script that I use to rename
patches for inclusion in our trees and it tacks that on. This patch was
just pulled out of our master branch.
- -Jeff
> ---
> net/sched/act_police.c | 19 ++++++++-----------
> 1 file changed, 8 insertions(+), 11 deletions(-)
>
> --- a/net/sched/act_police.c
> +++ b/net/sched/act_police.c
> @@ -350,22 +350,19 @@ tcf_act_police_dump(struct sk_buff *skb,
> {
> unsigned char *b = skb_tail_pointer(skb);
> struct tcf_police *police = a->priv;
> - struct tc_police opt;
> + struct tc_police opt = {
> + .index = police->tcf_index,
> + .action = police->tcf_action,
> + .mtu = police->tcfp_mtu,
> + .burst = police->tcfp_burst,
> + .refcnt = police->tcf_refcnt - ref,
> + .bindcnt = police->tcf_bindcnt - bind,
> + };
>
> - opt.index = police->tcf_index;
> - opt.action = police->tcf_action;
> - opt.mtu = police->tcfp_mtu;
> - opt.burst = police->tcfp_burst;
> - opt.refcnt = police->tcf_refcnt - ref;
> - opt.bindcnt = police->tcf_bindcnt - bind;
> if (police->tcfp_R_tab)
> opt.rate = police->tcfp_R_tab->rate;
> - else
> - memset(&opt.rate, 0, sizeof(opt.rate));
> if (police->tcfp_P_tab)
> opt.peakrate = police->tcfp_P_tab->rate;
> - else
> - memset(&opt.peakrate, 0, sizeof(opt.peakrate));
> NLA_PUT(skb, TCA_POLICE_TBF, sizeof(opt), &opt);
> if (police->tcfp_result)
> NLA_PUT_U32(skb, TCA_POLICE_RESULT, police->tcfp_result);
- --
Jeff Mahoney
SUSE Labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iEYEARECAAYFAkx9jxoACgkQLPWxlyuTD7JckgCeLVlJwnVM/cIgIQlB3iNKcVU5
misAnRfgTTmi/pGqyb1xFVoysQSTABal
=S9mH
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2010-08-31 23:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-31 23:21 [PATCH] net sched: fix kernel leak in act_police Jeff Mahoney
2010-08-31 23:24 ` Jeff Mahoney [this message]
2010-09-01 21:29 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C7D8F1A.5050103@suse.com \
--to=jeffm@suse$(echo .)com \
--cc=davem@davemloft$(echo .)net \
--cc=eric.dumazet@gmail$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox