| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Dec 2013 08:46:07 +0100 From: Salva Peiró <speiro@....upv.es> To: linux-kernel@...r.kernel.org Cc: <security@...nel.org>, <linux-hams@...r.kernel.org>, <netdev@...r.kernel.org>, Jean-Paul Roubelat <jpr@...bb.org>, Salva Peiró <speiro@....upv.es>, <stable@...r.kernel.org> Subject: [PATCH] hamradio/yam: fix info leak in ioctl The yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg. Add an explicit memset(0) before filling the structure to avoid the 4-byte info leak. Signed-off-by: Salva Peiró <speiro@....upv.es> CC: <stable@...r.kernel.org> --- drivers/net/hamradio/yam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/hamradio/yam.c b/drivers/net/hamradio/yam.c index 1971411..bb02c8a 100644 --- a/drivers/net/hamradio/yam.c +++ b/drivers/net/hamradio/yam.c @@ -953,6 +953,7 @@ static int yam_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) struct yamdrv_ioctl_mcs *ym; int ioctl_cmd; + memset(&yi, 0, sizeof(yi)); if (copy_from_user(&ioctl_cmd, ifr->ifr_data, sizeof(int))) return -EFAULT; -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists