xfrm: Use memset_after() to clear padding

author Kees Cook <keescook@chromium.org>

Thu, 17 Jun 2021 15:34:19 +0000 (08:34 -0700)

committer Kees Cook <keescook@chromium.org>

Thu, 26 Aug 2021 02:53:57 +0000 (19:53 -0700)
author Kees Cook <keescook@chromium.org>
Thu, 17 Jun 2021 15:34:19 +0000 (08:34 -0700)
committer Kees Cook <keescook@chromium.org>
Thu, 26 Aug 2021 02:53:57 +0000 (19:53 -0700)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c

index 827d842550217fd521f154b1111d94d75ca9e59e..a21af241a2bba39c79d6d16e45ed34b1ec14eb92 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2494,9 +2494,7 @@ static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
         xdst = dst_alloc(dst_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
  
         if (likely(xdst)) {
-               struct dst_entry *dst = &xdst->u.dst;
-
-               memset(dst + 1, 0, sizeof(*xdst) - sizeof(*dst));
+               memset_after(xdst, 0, u.dst);
         } else
                 xdst = ERR_PTR(-ENOBUFS);
  
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c

index b47d613409b70ad2c290c8542474ea2ea7e8b678..880d260541c96a50a86168a574080bf769f3ed03 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2845,7 +2845,7 @@ static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct
         copy_to_user_state(x, &ue->state);
         ue->hard = (c->data.hard != 0) ? 1 : 0;
         /* clear the padding bytes */
-       memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard));
+       memset_after(ue, 0, hard);
  
         err = xfrm_mark_put(skb, &x->mark);
         if (err)
author	Kees Cook <keescook@chromium.org>
	Thu, 17 Jun 2021 15:34:19 +0000 (08:34 -0700)
committer	Kees Cook <keescook@chromium.org>
	Thu, 26 Aug 2021 02:53:57 +0000 (19:53 -0700)
net/xfrm/xfrm_policy.c		patch \| blob \| history
net/xfrm/xfrm_user.c		patch \| blob \| history