| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1591692057-46380-1-git-send-email-wangxidong_97@163.com>
Date: Tue, 9 Jun 2020 01:40:57 -0700
From: Xidong Wang <wangxidong_97@....com>
To: Xidong Wang <wangxidong_97@....com>,
Doug Ledford <dledford@...hat.com>,
Jason Gunthorpe <jgg@...pe.ca>,
Yishai Hadas <yishaih@...lanox.com>,
Leon Romanovsky <leon@...nel.org>,
Max Gurtovoy <maxg@...lanox.com>,
Maor Gottlieb <maorg@...lanox.com>, linux-rdma@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace
From: xidongwang <wangxidong_97@....com>
ib_uverbs_create_ah() may copy stack allocated
structs to userspace without initializing all members of these
structs. Clear out this memory to prevent information leaks.
Signed-off-by: xidongwang <wangxidong_97@....com>
---
drivers/infiniband/core/uverbs_cmd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index b48b3f6..04861e6 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2481,6 +2481,7 @@ static int ib_uverbs_create_ah(struct uverbs_attr_bundle *attrs)
uobj->user_handle = cmd.user_handle;
uobj->object = ah;
+ memset(&resp, 0, sizeof(resp));
resp.ah_handle = uobj->id;
ret = uverbs_response(attrs, &resp, sizeof(resp));
--
2.7.4
Powered by blists - more mailing lists