| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1594006058-30362-1-git-send-email-wangxidong_97@163.com>
Date: Sun, 5 Jul 2020 20:27:38 -0700
From: Xidong Wang <wangxidong_97@....com>
To: Xidong Wang <wangxidong_97@....com>,
Jaroslav Kysela <perex@...ex.cz>,
Takashi Iwai <tiwai@...e.com>, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 1/1] ALSA: opl3: fix infoleak in opl3
From: xidongwang <wangxidong_97@....com>
The stack object “info” in snd_opl3_ioctl() has a leaking problem.
It has 2 padding bytes which are not initialized and leaked via
“copy_to_user”.
Signed-off-by: xidongwang <wangxidong_97@....com>
---
sound/drivers/opl3/opl3_synth.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/drivers/opl3/opl3_synth.c b/sound/drivers/opl3/opl3_synth.c
index e69a4ef..08c10ac 100644
--- a/sound/drivers/opl3/opl3_synth.c
+++ b/sound/drivers/opl3/opl3_synth.c
@@ -91,6 +91,8 @@ int snd_opl3_ioctl(struct snd_hwdep * hw, struct file *file,
{
struct snd_dm_fm_info info;
+ memset(&info, 0, sizeof(info));
+
info.fm_mode = opl3->fm_mode;
info.rhythm = opl3->rhythm;
if (copy_to_user(argp, &info, sizeof(struct snd_dm_fm_info)))
--
2.7.4
Powered by blists - more mailing lists