Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit b9258a2cece4ec1f020715fe3554bc2e360f6264

Authored by Richard Palethorpe
Committed by David S. Miller
1 parent b1f4c209d8

slcan: Don't transmit uninitialized stack data in padding 

struct can_frame contains some padding which is not explicitly zeroed in
slc_bump. This uninitialized data will then be transmitted if the stack
initialization hardening feature is not enabled (CONFIG_INIT_STACK_ALL).

This commit just zeroes the whole struct including the padding.

Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
Fixes: a1044e36e457 ("can: add slcan driver for serial/USB-serial CAN adapters")
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: linux-can@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: security@kernel.org
Cc: wg@grandegger.com
Cc: mkl@pengutronix.de
Cc: davem@davemloft.net
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 1 additions and 3 deletions Side-by-side Diff

drivers/net/can/slcan.c
Diff comments   View file @ b9258a2
... ... @@ -148,7 +148,7 @@
148 148 u32 tmpid;
149 149 char *cmd = sl->rbuff;
150 150  
151   - cf.can_id = 0;
  151 + memset(&cf, 0, sizeof(cf));
152 152  
153 153 switch (*cmd) {
154 154 case 'r':
... ... @@ -186,8 +186,6 @@
186 186 cf.can_dlc -= '0';
187 187 else
188 188 return;
189   -
190   - *(u64 *) (&cf.data) = 0; /* clear payload */
191 189  
192 190 /* RTR frames may have a dlc > 0 but they never have any data bytes */
193 191 if (!(cf.can_id & CAN_RTR_FLAG)) {