lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1462307768-5929-1-git-send-email-kjlu@gatech.edu>
Date:	Tue,  3 May 2016 16:36:08 -0400
From:	Kangjie Lu <kangjielu@...il.com>
To:	catalin.marinas@....com
Cc:	will.deacon@....com, james.morse@....com,
	linux-kernel@...r.kernel.org, Kangjie Lu <kjlu@...ech.edu>
Subject: [PATCH] fix infoleak in mm

The stack object “si” has a total size of 128; however, only 20
bytes are initialized. The remaining uninitialized bytes are sent
to userland via send_signal

Signed-off-by: Kangjie Lu <kjlu@...ech.edu>
---
 arch/arm64/mm/fault.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index 95df28b..f790eda 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -117,6 +117,7 @@ static void __do_user_fault(struct task_struct *tsk, unsigned long addr,
 {
 	struct siginfo si;
 
+	memset(&si, 0, sizeof(si));
 	if (unhandled_signal(tsk, sig) && show_unhandled_signals_ratelimited()) {
 		pr_info("%s[%d]: unhandled %s (%d) at 0x%08lx, esr 0x%03x\n",
 			tsk->comm, task_pid_nr(tsk), fault_name(esr), sig,
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ