From 16858e7e4cc0221bcc8571b9f17be531a5c313cd Mon Sep 17 00:00:00 2001
From: Avijit Kanti Das <avijitnsec@codeaurora.org>
Date: Tue, 19 Feb 2019 10:44:17 +0000
Subject: [PATCH] net: Zeroing the structure ethtool_wolinfo in
 ethtool_get_wol()

mainline inclusion
from kernel/msm-3.10
commit 63c317dbee979830
category: bugfix
bugzilla: NA
CVE: CVE-2014-9900

---------------------------------------

memset() the structure ethtool_wolinfo that has padded bytes
but the padded bytes have not been zeroed out.

Signed-off-by: Avijit Kanti Das <avijitnsec@codeaurora.org>
Link: https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071
Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9900
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: Hui Wang <john.wanghui@huawei.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: Mao Wenan <maowenan@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 net/core/ethtool.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index aeabc4831fca..563a845fe111 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -1471,11 +1471,13 @@ static int ethtool_reset(struct net_device *dev, char __user *useraddr)
 
 static int ethtool_get_wol(struct net_device *dev, char __user *useraddr)
 {
-	struct ethtool_wolinfo wol = { .cmd = ETHTOOL_GWOL };
+	struct ethtool_wolinfo wol;
 
 	if (!dev->ethtool_ops->get_wol)
 		return -EOPNOTSUPP;
 
+	memset(&wol, 0, sizeof(struct ethtool_wolinfo));
+	wol.cmd = ETHTOOL_GWOL;
 	dev->ethtool_ops->get_wol(dev, &wol);
 
 	if (copy_to_user(useraddr, &wol, sizeof(wol)))
-- 
GitLab