projects
/
platform
/
kernel
/
linux-stable.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
027b180
)
block: cciss: fix information leak to userland
author
Vasiliy Kulikov
<segooon@gmail.com>
Thu, 28 Oct 2010 12:31:55 +0000
(06:31 -0600)
committer
Jens Axboe
<jaxboe@fusionio.com>
Thu, 28 Oct 2010 12:31:55 +0000
(06:31 -0600)
Structure IOCTL_Command_struct is copied to userland with
some padding fields at the end of the struct unitialized.
It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
drivers/block/cciss.c
patch
|
blob
|
history
diff --git
a/drivers/block/cciss.c
b/drivers/block/cciss.c
index
f09e6df
..
13d87a0
100644
(file)
--- a/
drivers/block/cciss.c
+++ b/
drivers/block/cciss.c
@@
-1184,6
+1184,7
@@
static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;
+ memset(&arg64, 0, sizeof(arg64));
err = 0;
err |=
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,