Re: [PATCH 4.4 24/28] can: dev: prevent potential information leak in can_fill_info()

From: Pavel Machek
Date: Tue Feb 02 2021 - 13:56:42 EST


Hi!

> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> [ Upstream commit b552766c872f5b0d90323b24e4c9e8fa67486dd5 ]
>
> The "bec" struct isn't necessarily always initialized. For example, the
> mcp251xfd_get_berr_counter() function doesn't initialize anything if the
> interface is down.

Well, yes... and = {} does not necessarily initialize all of the
structure... for example padding.

It is really simple

struct can_berr_counter {
	__u16 txerr;
	__u16 rxerr;
};

but maybe something like alpha uses padding in such case, and memset
would be better?

Best regards,
Pavel

> +++ b/drivers/net/can/dev.c
> @@ -987,7 +987,7 @@ static int can_fill_info(struct sk_buff *skb, const struct net_device *dev)
> {
> struct can_priv *priv = netdev_priv(dev);
> struct can_ctrlmode cm = {.flags = priv->ctrlmode};
> - struct can_berr_counter bec;
> + struct can_berr_counter bec = { };
> enum can_state state = priv->state;
>
> if (priv->do_get_state)
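
Review bot: at `struct can_berr_counter bec = { };` the empty initializer guarantees zeroed members, but not zeroed padding bytes, so the fix depends on the struct layout having no padding. If the object is copied out by size, `memset(&bec, 0, sizeof(bec));` ahead of the code that fills it removes that dependency. The `cm = {.flags = priv->ctrlmode}` line just above uses the same initializer style and deserves the same check.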

--
http://www.livejournal.com/~pavelmachek
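
The padding concern raised in this mail, as an added example that is not part of the original message or of the kernel tree: a build-time check that the quoted struct has no padding, plus a constructed struct that does have padding, showing stale bytes surviving member-only initialization and cleared by memset. The names padded_example, stale_padding_bytes and padding_after_init are hypothetical, uint16_t stands in for __u16, and the count of 3 assumes 4-byte alignment of uint32_t; what `= { }` does to padding is left to the compiler and is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout quoted in the mail, written with userspace fixed-width types. */
struct can_berr_counter {
	uint16_t txerr;
	uint16_t rxerr;
};

/* Constructed struct (not from the kernel) whose layout does need padding. */
struct padded_example {
	uint8_t  tag;
	uint32_t value;
};

/* Break the build if the struct copied to userspace ever gains padding. */
_Static_assert(sizeof(struct can_berr_counter) == 2 * sizeof(uint16_t),
	       "can_berr_counter has padding; zero it with memset");

/* Count non-zero bytes that lie outside both members, i.e. in padding. */
size_t stale_padding_bytes(const struct padded_example *p)
{
	unsigned char raw[sizeof(*p)];
	size_t i, n = 0;

	memcpy(raw, p, sizeof(raw));
	memset(raw + offsetof(struct padded_example, tag), 0, sizeof(p->tag));
	memset(raw + offsetof(struct padded_example, value), 0, sizeof(p->value));
	for (i = 0; i < sizeof(raw); i++)
		n += raw[i] != 0;
	return n;
}

/* Stand-in for a reused stack slot: stale bytes, optional memset, then members. */
size_t padding_after_init(int clear_first)
{
	struct padded_example p;

	memset(&p, 0xAA, sizeof(p));	/* constructed stale contents */
	if (clear_first)
		memset(&p, 0, sizeof(p));
	p.tag = 1;
	p.value = 2;
	return stale_padding_bytes(&p);
}
```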
