> -----Original Message----- > From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx] > Sent: Friday, May 23, 2014 10:07 PM > To: Shahed Shaikh; Sucheta Chakraborty > Cc: Dept-HSG Linux NIC Dev; netdev; kernel-janitors@xxxxxxxxxxxxxxx > Subject: [patch] qlcnic: info leak in qlcnic_dcb_peer_app_info() > > This function is called from dcbnl_build_peer_app(). The "info" > struct isn't initialized at all so we disclose 2 bytes of uninitialized > stack data. We should clear it before passing it to the user. > > Fixes: 48365e485275 ('qlcnic: dcb: Add support for CEE Netlink > interface.') > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Acked-by: Sucheta Chakraborty <sucheta.chakraborty@xxxxxxxxxx> Thanks, Sucheta. > --- > This is a static analysis patch, and I am not familiar with this code. > We may want to put some useful information here, to go with the > app_count. > > diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > index a51fe18..561cb11 100644 > --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c > @@ -1020,6 +1020,7 @@ static int qlcnic_dcb_peer_app_info(struct > net_device *netdev, > struct qlcnic_dcb_cee *peer; > int i; > > + memset(info, 0, sizeof(*info)); > *app_count = 0; > > if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state)) -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
