In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.
Add struct_group() to mark region of struct rt6_info that should be
initialized to zero.
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
include/net/ip6_fib.h | 30 ++++++++++++++++--------------
net/ipv6/route.c | 4 +---
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index 15b7fbe6b15c..9816e7444918 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -205,20 +205,22 @@ struct fib6_info {
struct rt6_info {
struct dst_entry dst;
- struct fib6_info __rcu *from;
- int sernum;
-
- struct rt6key rt6i_dst;
- struct rt6key rt6i_src;
- struct in6_addr rt6i_gateway;
- struct inet6_dev *rt6i_idev;
- u32 rt6i_flags;
-
- struct list_head rt6i_uncached;
- struct uncached_list *rt6i_uncached_list;
-
- /* more non-fragment space at head required */
- unsigned short rt6i_nfheader_len;
+ struct_group(init,
+ struct fib6_info __rcu *from;
+ int sernum;
+
+ struct rt6key rt6i_dst;
+ struct rt6key rt6i_src;
+ struct in6_addr rt6i_gateway;
+ struct inet6_dev *rt6i_idev;
+ u32 rt6i_flags;
+
+ struct list_head rt6i_uncached;
+ struct uncached_list *rt6i_uncached_list;
+
+ /* more non-fragment space at head required */
+ unsigned short rt6i_nfheader_len;
+ );
};
struct fib6_result {
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 6b8051106aba..bbcc605bab57 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -327,9 +327,7 @@ static const struct rt6_info ip6_blk_hole_entry_template = {
static void rt6_info_init(struct rt6_info *rt)
{
- struct dst_entry *dst = &rt->dst;
-
- memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
+ memset(&rt->init, 0, sizeof(rt->init));
INIT_LIST_HEAD(&rt->rt6i_uncached);
}
--
2.30.2
