From 38e360ea72f11241adede7ea2b22d8d536fe490b Mon Sep 17 00:00:00 2001
From: Avijit Kanti Das <avijitnsec@codeaurora.org>
Date: Thu, 8 Jun 2017 15:41:00 +0200
Subject: [PATCH 5/5] net: Zeroing the structure ethtool_wolinfo in
 ethtool_get_wol()

CVE-2014-9900

memset() the structure ethtool_wolinfo that has padded bytes
but the padded bytes have not been zeroed out.

Change-Id: If3fd2d872a1b1ab9521d937b86a29fc468a8bbfe
Signed-off-by: Avijit Kanti Das <avijitnsec@codeaurora.org>
(cherry-picked from commit 63c317dbee97983004dffdd9f742a20d17150071
 https://source.codeaurora.org/quic/la/kernel/msm-3.10)
Signed-off-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Colin King <colin.king@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 net/core/ethtool.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index d92de0a1f0a4..c06c6acf78c5 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -1449,11 +1449,13 @@ static int ethtool_reset(struct net_device *dev, char __user *useraddr)
 
 static int ethtool_get_wol(struct net_device *dev, char __user *useraddr)
 {
-	struct ethtool_wolinfo wol = { .cmd = ETHTOOL_GWOL };
+	struct ethtool_wolinfo wol;
 
 	if (!dev->ethtool_ops->get_wol)
 		return -EOPNOTSUPP;
 
+	memset(&wol, 0, sizeof(struct ethtool_wolinfo));
+	wol.cmd = ETHTOOL_GWOL;
 	dev->ethtool_ops->get_wol(dev, &wol);
 
 	if (copy_to_user(useraddr, &wol, sizeof(wol)))
-- 
2.11.0