projects / platform / upstream / libdrm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 81251bf)
Security fix. Zero pages before they are handed to user space.
authorThomas Hellstrom <thomas-at-tungstengraphics-dot-com>
Tue, 19 Dec 2006 22:23:17 +0000 (23:23 +0100)
committerThomas Hellstrom <thomas-at-tungstengraphics-dot-com>
Tue, 19 Dec 2006 22:23:17 +0000 (23:23 +0100)
Shared memory areas were not cleared when they are allocated and
handed to user space. Sensitive information may leak.

linux-core/drm_bufs.c patch | blob | history

diff --git a/linux-core/drm_bufs.c b/linux-core/drm_bufs.c
index d6ebc8d..ef110c2 100644 (file)
--- a/linux-core/drm_bufs.c
+++ b/linux-core/drm_bufs.c
@@ -202,6 +202,7 @@ static int drm_addmap_core(drm_device_t * dev, unsigned int offset,
                        drm_free(map, sizeof(*map), DRM_MEM_MAPS);
                        return -ENOMEM;
                }
+               memset(map->handle, 0, map->size);
                map->offset = (unsigned long)map->handle;
                if (map->flags & _DRM_CONTAINS_LOCK) {
                        /* Prevent a 2nd X Server from creating a 2nd lock */
Domain: System / Kernel;