[PATCH 1/8] char: applicom: fix information leak to userland

From: Vasiliy Kulikov
Date: Sun Oct 17 2010 - 10:41:34 EST


Structure st_loc is copied to userland with some fields uninitialized.
It leads to leaking of stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx>
---
Compile tested.

drivers/char/applicom.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c
index e7ba774..25373df 100644
--- a/drivers/char/applicom.c
+++ b/drivers/char/applicom.c
@@ -566,6 +566,7 @@ static ssize_t ac_read (struct file *filp, char __user *buf, size_t count, loff_
struct mailbox mailbox;

/* Got a packet for us */
+ memset(&st_loc, 0, sizeof(st_loc));
ret = do_ac_read(i, buf, &st_loc, &mailbox);
spin_unlock_irqrestore(&apbs[i].mutex, flags);
set_current_state(TASK_RUNNING);
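
Review bot: the memset() sits only in front of the do_ac_read() call on the "Got a packet for us" path, so the fix relies on this being the only place where st_loc is filled and later copied to userland. The hunk does not show the declaration or any other use. Consider moving the memset(&st_loc, 0, sizeof(st_loc)) to directly after the declaration of st_loc, which covers every path and also keeps the clear out of the section that is still under apbs[i].mutex with interrupts disabled (spin_unlock_irqrestore() comes two lines later). Keeping memset() rather than switching to an initializer is the right choice, since it also clears any padding bytes. The changelog would be easier to verify if it named the fields that do_ac_read() leaves unset.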
--
1.7.0.4
