| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210111154851.325404-2-luzmaximilian@gmail.com>
Date: Mon, 11 Jan 2021 16:48:50 +0100
From: Maximilian Luz <luzmaximilian@...il.com>
To: platform-driver-x86@...r.kernel.org
Cc: Maximilian Luz <luzmaximilian@...il.com>,
Hans de Goede <hdegoede@...hat.com>,
Mark Gross <mgross@...ux.intel.com>,
Colin Ian King <colin.king@...onical.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH -next 1/2] platform/surface: aggregator_cdev: Fix access of uninitialized variables
When copy_struct_from_user() in ssam_cdev_request() fails, we directly
jump to the 'out' label. In this case, however 'spec' and 'rsp' are not
initialized, but we still access fields of those variables. Fix this by
initializing them at the time of their declaration.
Reported-by: Colin Ian King <colin.king@...onical.com>
Fixes: 178f6ab77e61 ("platform/surface: Add Surface Aggregator user-space interface")
Addresses-Coverity: ("Uninitialized pointer read")
Signed-off-by: Maximilian Luz <luzmaximilian@...il.com>
---
drivers/platform/surface/surface_aggregator_cdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/surface/surface_aggregator_cdev.c b/drivers/platform/surface/surface_aggregator_cdev.c
index 340d15b148b9..979340cdd9de 100644
--- a/drivers/platform/surface/surface_aggregator_cdev.c
+++ b/drivers/platform/surface/surface_aggregator_cdev.c
@@ -66,8 +66,8 @@ static long ssam_cdev_request(struct ssam_cdev *cdev, unsigned long arg)
{
struct ssam_cdev_request __user *r;
struct ssam_cdev_request rqst;
- struct ssam_request spec;
- struct ssam_response rsp;
+ struct ssam_request spec = {};
+ struct ssam_response rsp = {};
const void __user *plddata;
void __user *rspdata;
int status = 0, ret = 0, tmp;
--
2.30.0
Powered by blists - more mailing lists