net: clear heap allocation for ETHTOOL_GRXCLSRLALL Calling ETHTOOL_GRXCLSRLALL with a large rule_cnt will allocate kernel heap without clearing it. For the one driver (niu) that implements it, it will leave the unused portion of heap unchanged and copy the full contents back to userspace. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: ae6df5f96a51818d6376da5307d773baeece4014 [log] [tgz]
author: Kees Cook <kees.cook@canonical.com> Thu Oct 07 10:03:48 2010 +0000
committer: David S. Miller <davem@davemloft.net> Fri Oct 08 10:48:28 2010 -0700
tree: e696e82cc5a4df37f0d2d3fa25045a79646a0cce
parent: 94b105723a3bfca45c75916423cd959ce71ed215 [diff] [blame]
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 7a85367..4016ac6 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c

@@ -348,7 +348,7 @@
 	if (info.cmd == ETHTOOL_GRXCLSRLALL) {
 		if (info.rule_cnt > 0) {
 			if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32))
-				rule_buf = kmalloc(info.rule_cnt * sizeof(u32),
+				rule_buf = kzalloc(info.rule_cnt * sizeof(u32),
 						   GFP_USER);
 			if (!rule_buf)
 				return -ENOMEM;
commit	ae6df5f96a51818d6376da5307d773baeece4014	[log] [tgz]
author	Kees Cook <kees.cook@canonical.com>	Thu Oct 07 10:03:48 2010 +0000
committer	David S. Miller <davem@davemloft.net>	Fri Oct 08 10:48:28 2010 -0700
tree	e696e82cc5a4df37f0d2d3fa25045a79646a0cce
parent	94b105723a3bfca45c75916423cd959ce71ed215 [diff] [blame]