staging/ozwpan: info leak in oz_cdev_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Sun, 21 Apr 2013 11:07:53 +0000 (14:07 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Apr 2013 17:25:46 +0000 (10:25 -0700)
If we're not maxed out then oz_get_pd_list() leaves part of the "list"
struct uninitialized.  We should clear this so that no stack information
is leaked to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/ozwpan/ozcdev.c

index ba15aeb..27d0666 100644 (file)
@@ -253,6 +253,7 @@ static long oz_cdev_ioctl(struct file *filp, unsigned int cmd,
        case OZ_IOCTL_GET_PD_LIST: {
                        struct oz_pd_list list;
                        oz_trace("OZ_IOCTL_GET_PD_LIST\n");
+                       memset(&list, 0, sizeof(list));
                        list.count = oz_get_pd_list(list.addr, OZ_MAX_PDS);
                        if (copy_to_user((void __user *)arg, &list,
                                sizeof(list)))