| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <o1tfvx3ftkp8gaxheeq61r4w.1284598759859@email.android.com> Date: Wed, 15 Sep 2010 20:59:19 -0400 From: Andy Walls <awalls@...metrocast.net> To: Dan Rosenberg <drosenberg@...curity.com> Cc: ivtv-devel@...vdriver.org, linux-media@...r.kernel.org, linux-kernel@...r.kernel.org, security@...nel.org, stable@...nel.org Subject: Re: [PATCH] drivers/media/video/ivtv/ivtvfb.c: prevent reading uninitialized stack memory Acked-by: Andy Walls <awalls@...metrocast.net> By tomorrow evening I'll put this in my repo and ask for Mauro to pull it. Regards, Andy Dan Rosenberg <drosenberg@...curity.com> wrote: >The FBIOGET_VBLANK device ioctl allows unprivileged users to read 16 >bytes of uninitialized stack memory, because the "reserved" member of >the fb_vblank struct declared on the stack is not altered or zeroed >before being copied back to the user. This patch takes care of it. > >Signed-off-by: Dan Rosenberg <dan.j.rosenberg@...il.com> > >--- linux-2.6.35.4.orig/drivers/media/video/ivtv/ivtvfb.c 2010-08-26 19:47:12.000000000 -0400 >+++ linux-2.6.35.4/drivers/media/video/ivtv/ivtvfb.c 2010-09-15 14:16:46.797375399 -0400 >@@ -458,6 +458,8 @@ static int ivtvfb_ioctl(struct fb_info * > struct fb_vblank vblank; > u32 trace; > >+ memset(&vblank, 0, sizeof(struct fb_vblank)); >+ > vblank.flags = FB_VBLANK_HAVE_COUNT |FB_VBLANK_HAVE_VCOUNT | > FB_VBLANK_HAVE_VSYNC; > trace = read_reg(IVTV_REG_DEC_LINE_FIELD) >> 16; > > > >
Powered by blists - more mailing lists