From: Neil Horman <nhorman@redhat.com> Date: Fri, 24 Sep 2010 12:49:31 -0400 Subject: [net] sched: fix info leak in traffic policing Message-id: <20100924124931.GB30441@hmsreliant.think-freely.org> Patchwork-id: 28362 O-Subject: [RHEL 5.6 PATCH] net: fix info leak in traffic policing Bugzilla: 636392 RH-Acked-by: Amerigo Wang <amwang@redhat.com> RH-Acked-by: Thomas Graf <tgraf@redhat.com> Hey- This is a backport of commit 0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e. A while ago an audit of the traffic classification and policing code cleaned up some information leaks that resulted from the missing zeroing of data in several structures that were returned to user space. This patch fixes up a location in the policing code that was missed. Resolves bz 636392 Brew Status: https://brewweb.devel.redhat.com/taskinfo?taskID=2778177 Signed-off-by: Jarod Wilson <jarod@redhat.com> diff --git a/net/sched/act_police.c b/net/sched/act_police.c index da905d7..876ec72 100644 --- a/net/sched/act_police.c +++ b/net/sched/act_police.c @@ -342,23 +342,20 @@ static int tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) { unsigned char *b = skb->tail; - struct tc_police opt; struct tcf_police *p = PRIV(a); + struct tc_police opt = { + .index = p->index, + .action = p->action, + .mtu = p->mtu, + .burst = p->burst, + .refcnt = p->refcnt - ref, + .bindcnt = p->bindcnt - bind, + }; - opt.index = p->index; - opt.action = p->action; - opt.mtu = p->mtu; - opt.burst = p->burst; - opt.refcnt = p->refcnt - ref; - opt.bindcnt = p->bindcnt - bind; if (p->R_tab) opt.rate = p->R_tab->rate; - else - memset(&opt.rate, 0, sizeof(opt.rate)); if (p->P_tab) opt.peakrate = p->P_tab->rate; - else - memset(&opt.peakrate, 0, sizeof(opt.peakrate)); RTA_PUT(skb, TCA_POLICE_TBF, sizeof(opt), &opt); if (p->result) RTA_PUT(skb, TCA_POLICE_RESULT, sizeof(int), &p->result);