| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1425931697-10301-1-git-send-email-mattew8898@gmail.com> Date: Mon, 9 Mar 2015 21:08:17 +0100 From: Matteo Semenzato <mattew8898@...il.com> To: gregkh@...uxfoundation.org, abbotti@....co.uk, hsweeten@...ionengravers.com Cc: devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org, Matteo Semenzato <mattew8898@...il.com> Subject: [PATCH] Staging: comedi: fix information leak From: Matteo Semenzato <mattew8898@...il.com> The comedi_cmd struct has an hole after chanlist_len that could contain uninitialized memory, this struct is copied to userspace. Signed-off-by: Matteo Semenato <mattew8898@...il.com> --- drivers/staging/comedi/comedi_fops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c index 727640e..1cdf0a2 100644 --- a/drivers/staging/comedi/comedi_fops.c +++ b/drivers/staging/comedi/comedi_fops.c @@ -1718,6 +1718,8 @@ static int do_cmdtest_ioctl(struct comedi_device *dev, unsigned int __user *user_chanlist; int ret; + memset(&cmd, 0, sizeof(cmd)); + /* get the user's cmd and do some simple validation */ ret = __comedi_get_user_cmd(dev, arg, &cmd); if (ret) -- 2.3.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists