diff options
author | Jeff Mahoney <jeffm@suse.com> | 2010-08-31 13:21:42 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-12-09 13:27:05 -0800 |
commit | 4db5de7adfe16721d77b7658c383f65372f1560f (patch) | |
tree | 2f2f7e97c0dd91205fe8c4637926c39fa309af26 | |
parent | 94e805453c862135b9d8b8ad31eeddc62ffb1683 (diff) |
net sched: fix kernel leak in act_police
commit 0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e upstream.
While reviewing commit 1c40be12f7d8ca1d387510d39787b12e512a7ce8, I
audited other users of tc_action_ops->dump for information leaks.
That commit covered almost all of them but act_police still had a leak.
opt.limit and opt.capab aren't zeroed out before the structure is
passed out.
This patch uses the C99 initializers to zero everything unused out.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | net/sched/act_police.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/net/sched/act_police.c b/net/sched/act_police.c index 723964c3ee4f..e02a4d04d16a 100644 --- a/net/sched/act_police.c +++ b/net/sched/act_police.c @@ -340,22 +340,19 @@ tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) { unsigned char *b = skb_tail_pointer(skb); struct tcf_police *police = a->priv; - struct tc_police opt; - - opt.index = police->tcf_index; - opt.action = police->tcf_action; - opt.mtu = police->tcfp_mtu; - opt.burst = police->tcfp_burst; - opt.refcnt = police->tcf_refcnt - ref; - opt.bindcnt = police->tcf_bindcnt - bind; + struct tc_police opt = { + .index = police->tcf_index, + .action = police->tcf_action, + .mtu = police->tcfp_mtu, + .burst = police->tcfp_burst, + .refcnt = police->tcf_refcnt - ref, + .bindcnt = police->tcf_bindcnt - bind, + }; + if (police->tcfp_R_tab) opt.rate = police->tcfp_R_tab->rate; - else - memset(&opt.rate, 0, sizeof(opt.rate)); if (police->tcfp_P_tab) opt.peakrate = police->tcfp_P_tab->rate; - else - memset(&opt.peakrate, 0, sizeof(opt.peakrate)); NLA_PUT(skb, TCA_POLICE_TBF, sizeof(opt), &opt); if (police->tcfp_result) NLA_PUT_U32(skb, TCA_POLICE_RESULT, police->tcfp_result); |