| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140503202700.GF32753@mwanda> Date: Sat, 3 May 2014 23:27:00 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: David Airlie <airlied@...ux.ie>, Andrew Morton <akpm@...ux-foundation.org> Cc: linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: [patch resend] agp: info leak in agpioc_info_wrap() On 64 bit systems the agp_info struct has a 4 byte hole between ->agp_mode and ->aper_base. We need to clear it to avoid disclosing stack information to userspace. Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com> --- I sent this before on 13 Apr 2013 and a reminder on 31 May 2013 so now I'm going to try sneak it in through the akpm tree. diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c index 8121b4c..b297033 100644 --- a/drivers/char/agp/frontend.c +++ b/drivers/char/agp/frontend.c @@ -730,6 +730,7 @@ static int agpioc_info_wrap(struct agp_file_private *priv, void __user *arg) agp_copy_info(agp_bridge, &kerninfo); + memset(&userinfo, 0, sizeof(userinfo)); userinfo.version.major = kerninfo.version.major; userinfo.version.minor = kerninfo.version.minor; userinfo.bridge_id = kerninfo.device->vendor | -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists