diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2010-08-16 16:04:22 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-08-17 18:12:15 -0400 |
commit | 1c40be12f7d8ca1d387510d39787b12e512a7ce8 (patch) | |
tree | f555374eb0af8cf96d0dafb2444335ee352f73b4 /net/sched/act_simple.c | |
parent | 001389b9581c13fe5fc357a0f89234f85af4215d (diff) |
net sched: fix some kernel memory leaks
We leak at least 32bits of kernel memory to user land in tc dump,
because we dont init all fields (capab ?) of the dumped structure.
Use C99 initializers so that holes and non explicit fields are zeroed.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched/act_simple.c')
-rw-r--r-- | net/sched/act_simple.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c index 4a1d640b0cf1..97e84f3ee775 100644 --- a/net/sched/act_simple.c +++ b/net/sched/act_simple.c | |||
@@ -164,13 +164,14 @@ static inline int tcf_simp_dump(struct sk_buff *skb, struct tc_action *a, | |||
164 | { | 164 | { |
165 | unsigned char *b = skb_tail_pointer(skb); | 165 | unsigned char *b = skb_tail_pointer(skb); |
166 | struct tcf_defact *d = a->priv; | 166 | struct tcf_defact *d = a->priv; |
167 | struct tc_defact opt; | 167 | struct tc_defact opt = { |
168 | .index = d->tcf_index, | ||
169 | .refcnt = d->tcf_refcnt - ref, | ||
170 | .bindcnt = d->tcf_bindcnt - bind, | ||
171 | .action = d->tcf_action, | ||
172 | }; | ||
168 | struct tcf_t t; | 173 | struct tcf_t t; |
169 | 174 | ||
170 | opt.index = d->tcf_index; | ||
171 | opt.refcnt = d->tcf_refcnt - ref; | ||
172 | opt.bindcnt = d->tcf_bindcnt - bind; | ||
173 | opt.action = d->tcf_action; | ||
174 | NLA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt); | 175 | NLA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt); |
175 | NLA_PUT_STRING(skb, TCA_DEF_DATA, d->tcfd_defdata); | 176 | NLA_PUT_STRING(skb, TCA_DEF_DATA, d->tcfd_defdata); |
176 | t.install = jiffies_to_clock_t(jiffies - d->tcf_tm.install); | 177 | t.install = jiffies_to_clock_t(jiffies - d->tcf_tm.install); |