| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130531124658.GU23987@mwanda> Date: Fri, 31 May 2013 15:46:58 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: Corey Minyard <minyard@....org> Cc: openipmi-developer@...ts.sourceforge.net, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: [patch v2] ipmi: info leak in compat_ipmi_ioctl() On x86_64 there is a 4 byte hole between ->recv_type and ->addr. Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com> --- v2: fixed the changelog a little. Also added LKML because the openipmi is a moderated list (and the moderator thought my email was spam). diff --git a/drivers/char/ipmi/ipmi_devintf.c b/drivers/char/ipmi/ipmi_devintf.c index 9eb360f..8e306ac 100644 --- a/drivers/char/ipmi/ipmi_devintf.c +++ b/drivers/char/ipmi/ipmi_devintf.c @@ -810,6 +810,7 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd, struct ipmi_recv __user *precv64; struct ipmi_recv recv64; + memset(&recv64, 0, sizeof(recv64)); if (get_compat_ipmi_recv(&recv64, compat_ptr(arg))) return -EFAULT; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists