| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200727190013.324812-1-yepeilin.cs@gmail.com>
Date: Mon, 27 Jul 2020 15:00:13 -0400
From: Peilin Ye <yepeilin.cs@...il.com>
To: Jens Axboe <axboe@...nel.dk>
Cc: Peilin Ye <yepeilin.cs@...il.com>,
Dan Carpenter <dan.carpenter@...cle.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel-mentees@...ts.linuxfoundation.org,
linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [Linux-kernel-mentees] [PATCH v2] block/scsi-ioctl: Prevent kernel-infoleak in scsi_put_cdrom_generic_arg()
scsi_put_cdrom_generic_arg() is copying uninitialized stack memory to
userspace due to the compiler not initializing holes in statically
allocated structures. Fix it by adding a padding field to `struct
compat_cdrom_generic_command`.
Cc: stable@...r.kernel.org
Fixes: f3ee6e63a9df ("compat_ioctl: move CDROM_SEND_PACKET handling into scsi")
Suggested-by: Dan Carpenter <dan.carpenter@...cle.com>
Suggested-by: Arnd Bergmann <arnd@...db.de>
Signed-off-by: Peilin Ye <yepeilin.cs@...il.com>
---
Change in v2:
- Add a padding field to `struct compat_cdrom_generic_command`,
instead of doing memset() on `cgc32`. (Suggested by Jens Axboe
<axboe@...nel.dk>)
block/scsi_ioctl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index ef722f04f88a..72108404718f 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -651,6 +651,7 @@ struct compat_cdrom_generic_command {
compat_int_t stat;
compat_caddr_t sense;
unsigned char data_direction;
+ unsigned char pad[3];
compat_int_t quiet;
compat_int_t timeout;
compat_caddr_t reserved[1];
--
2.25.1
Powered by blists - more mailing lists