From: Salva Peiró <speiro@ai2.upv.es>
Date: Wed, 30 Apr 2014 17:48:02 +0000 (+0200)
Subject: media: media-device: fix infoleak in ioctl media_enum_entities()
X-Git-Tag: submit/tizen_common/20140730.172411~705
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=429f444ee6aea8146c115dded7b8b0214cea5e2d;p=profile%2Fivi%2Fkernel-x86-ivi.git

media: media-device: fix infoleak in ioctl media_enum_entities()

commit e6a623460e5fc960ac3ee9f946d3106233fd28d8 upstream.

This fixes CVE-2014-1739.

Signed-off-by: Salva Peiró <speiro@ai2.upv.es>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
index d5a7a13..703560f 100644
--- a/drivers/media/media-device.c
+++ b/drivers/media/media-device.c
@@ -93,6 +93,7 @@ static long media_device_enum_entities(struct media_device *mdev,
 	struct media_entity *ent;
 	struct media_entity_desc u_ent;
 
+	memset(&u_ent, 0, sizeof(u_ent));
 	if (copy_from_user(&u_ent.id, &uent->id, sizeof(u_ent.id)))
 		return -EFAULT;