| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <78d90a98-7bd5-1604-cc27-90842c365ecf@kernel.dk>
Date: Mon, 27 Jul 2020 10:25:42 -0600
From: Jens Axboe <axboe@...nel.dk>
To: Peilin Ye <yepeilin.cs@...il.com>
Cc: Dan Carpenter <dan.carpenter@...cle.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel-mentees@...ts.linuxfoundation.org,
linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH] block/scsi-ioctl: Prevent
kernel-infoleak in scsi_put_cdrom_generic_arg()
On 7/27/20 10:19 AM, Peilin Ye wrote:
> scsi_put_cdrom_generic_arg() is copying uninitialized stack memory to
> userspace due to the compiler not initializing holes in statically
> allocated structures. Fix it by initializing `cgc32` using memset().
Could also just add the appropriate pad, so the compiler does the
right thing.
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index ef722f04f88a..72108404718f 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -651,6 +651,7 @@ struct compat_cdrom_generic_command {
compat_int_t stat;
compat_caddr_t sense;
unsigned char data_direction;
+ unsigned char pad[3];
compat_int_t quiet;
compat_int_t timeout;
compat_caddr_t reserved[1];
--
Jens Axboe
Powered by blists - more mailing lists