| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1284587045.6275.98.camel@dan> Date: Wed, 15 Sep 2010 17:44:05 -0400 From: Dan Rosenberg <drosenberg@...curity.com> To: linux-kernel@...r.kernel.org Cc: security@...nel.org, stable@...nel.org Subject: [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory The TIOCGICOUNT device ioctl allows unprivileged users to read uninitialized stack memory, because the "reserved" member of the serial_icounter_struct struct declared on the stack is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@...il.com> --- linux-2.6.35.4.orig/drivers/char/amiserial.c 2010-08-26 19:47:12.000000000 -0400 +++ linux-2.6.35.4/drivers/char/amiserial.c 2010-09-15 13:58:00.217343289 -0400 @@ -1342,6 +1342,9 @@ static int rs_ioctl(struct tty_struct *t local_irq_save(flags); cnow = info->state->icount; local_irq_restore(flags); + + memset(&icount, 0, sizeof(struct serial_icounter_struct)); + icount.cts = cnow.cts; icount.dsr = cnow.dsr; icount.rng = cnow.rng; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists