ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings

[ Upstream commit 077cb37f ] It seems that kernel memory can leak into userspace by a kmalloc, ethtool_get_strings, then copy_to_user sequence. Avoid this by using kcalloc to zero fill the copied buffer. Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings
[ Upstream commit 077cb37f ] It seems that kernel memory can leak into userspace by a kmalloc, ethtool_get_strings, then copy_to_user sequence. Avoid this by using kcalloc to zero fill the copied buffer. Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
68c3e59a · Joe Perches · Ben Hutchings · a5e14d9f · 68c3e59a
Commit 68c3e59a authored Oct 14, 2015 by Joe Perches Committed by Ben Hutchings Nov 17, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

net/core/ethtool.c net/core/ethtool.c +1 -1

No files found.
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -1359,7 +1359,7 @@ static int ethtool_get_strings(struct net_device *dev, void __user *useraddr)
 	gstrings.len = ret;
-	data = kmalloc(gstrings.len * ETH_GSTRING_LEN, GFP_USER);
+	data = kcalloc(gstrings.len, ETH_GSTRING_LEN, GFP_USER);
 	if (!data)
 		return -ENOMEM;