projects / platform / adaptation / renesas_rcar / renesas_kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ffd7d6b)
drivers/char/applicom.c: fix information leak to userland
authorVasiliy Kulikov <segooon@gmail.com>
Wed, 27 Oct 2010 22:34:21 +0000 (15:34 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 28 Oct 2010 01:03:14 +0000 (18:03 -0700)
Structure st_loc is copied to userland with some fields unitialized.  It
leads to leaking of stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/applicom.c patch | blob | history

diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c
index e7ba774..25373df 100644 (file)
--- a/drivers/char/applicom.c
+++ b/drivers/char/applicom.c
@@ -566,6 +566,7 @@ static ssize_t ac_read (struct file *filp, char __user *buf, size_t count, loff_
                                struct mailbox mailbox;
 
                                /* Got a packet for us */
+                               memset(&st_loc, 0, sizeof(st_loc));
                                ret = do_ac_read(i, buf, &st_loc, &mailbox);
                                spin_unlock_irqrestore(&apbs[i].mutex, flags);
                                set_current_state(TASK_RUNNING);
Domain: System / Uncategorized;