staging: slicoss: information leak in ETHTOOL_GSET

There are some fields in "edata" which have not been cleared. One example is edata.cmd. It leaks uninitialized stack information to the user. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: slicoss: information leak in ETHTOOL_GSET
There are some fields in "edata" which have not been cleared. One example is edata.cmd. It leaks uninitialized stack information to the user. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
986d7584 · Dan Carpenter · Greg Kroah-Hartman · 69c1440e · 986d7584
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

drivers/staging/slicoss/slicoss.c drivers/staging/slicoss/slicoss.c +1 -0

未找到文件。
--- a/drivers/staging/slicoss/slicoss.c
+++ b/drivers/staging/slicoss/slicoss.c
@@ -3149,6 +3149,7 @@ static int slic_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
 			return -EFAULT;
 		if (ecmd.cmd == ETHTOOL_GSET) {
+			memset(&edata, 0, sizeof(edata));
 			edata.supported = (SUPPORTED_10baseT_Half |
 					   SUPPORTED_10baseT_Full |
 					   SUPPORTED_100baseT_Half |