Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user

From: Dan Carpenter
Date: Mon Oct 28 2019 - 03:21:48 EST

Next message: syzbot: "KASAN: use-after-free Read in io_uring_setup"
Previous message: Cheng-Yi Chiang: "[PATCH v9 6/6] ARM: dts: rockchip: Add HDMI audio support to rk3288-veyron-mickey.dts"
In reply to: Kees Cook: "Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user"
Next in thread: Joe Perches: "Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Oct 26, 2019 at 12:46:08PM -0700, Joe Perches wrote:
> Initialization is not guaranteed to zero padding bytes so
> use an explicit memset instead to avoid leaking any kernel
> content in any possible padding bytes.
>
> Signed-off-by: Joe Perches <joe@xxxxxxxxxxx>
> ---
> kernel/sys.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/sys.c b/kernel/sys.c
> index a611d1..3459a5 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -1279,11 +1279,13 @@ SYSCALL_DEFINE1(uname, struct old_utsname __user *, name)
>
> SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
> {
> - struct oldold_utsname tmp = {};
> + struct oldold_utsname tmp;

oldold_utsname doesn't have an struct holes. It looks like this:

struct oldold_utsname {
char sysname[9];
char nodename[9];
char release[9];
char version[9];
char machine[9];
};

regards,
dan carpenter

Next message: syzbot: "KASAN: use-after-free Read in io_uring_setup"
Previous message: Cheng-Yi Chiang: "[PATCH v9 6/6] ARM: dts: rockchip: Add HDMI audio support to rk3288-veyron-mickey.dts"
In reply to: Kees Cook: "Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user"
Next in thread: Joe Perches: "Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]