| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130531122658.GT23987@mwanda> Date: Fri, 31 May 2013 15:26:58 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: David Airlie <airlied@...ux.ie> Cc: linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: Re: [patch] agp: info leak in agpioc_info_wrap() Ping? regards, dan carpenter On Sat, Apr 13, 2013 at 12:16:11PM +0300, Dan Carpenter wrote: > On 64 bit systems the agp_info struct has a hole between ->agp_mode and > ->aper_base. We need to clear it to avoid leaking stack information to > userspace. > > Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com> > > diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c > index 2e04433..3fbce33 100644 > --- a/drivers/char/agp/frontend.c > +++ b/drivers/char/agp/frontend.c > @@ -729,6 +729,7 @@ static int agpioc_info_wrap(struct agp_file_private *priv, void __user *arg) > > agp_copy_info(agp_bridge, &kerninfo); > > + memset(&userinfo, 0, sizeof(userinfo)); > userinfo.version.major = kerninfo.version.major; > userinfo.version.minor = kerninfo.version.minor; > userinfo.bridge_id = kerninfo.device->vendor | -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists