| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Nov 2022 07:55:56 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Xiaolong Huang <butterflyhuangxx@...il.com>
Cc: perex@...ex.cz, tiwai@...e.com, baolin.wang@...ux.alibaba.com,
alsa-devel@...a-project.org, linux-kernel@...r.kernel.org
Subject: Re: [RESEND PATCH] ALSA: rawmidi: fix infoleak in snd_rawmidi_ioctl_status_compat64
On Wed, 23 Nov 2022 06:09:11 +0100,
Xiaolong Huang wrote:
>
> The compat_status is declared off of the stack, so it needs to
> be zeroed out before copied back to userspace to prevent any
> unintentional data leakage.
>
> Fixes: d9e5582c4bb2 ("ALSA: Avoid using timespec for struct snd_rawmidi_status")
> Signed-off-by: Xiaolong Huang <butterflyhuangxx@...il.com>
>
> ---
>
> Reason for resend:
> 1. add Fixes line.
> ---
> sound/core/rawmidi_compat.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/sound/core/rawmidi_compat.c b/sound/core/rawmidi_compat.c
> index 68a93443583c..6afa68165b17 100644
> --- a/sound/core/rawmidi_compat.c
> +++ b/sound/core/rawmidi_compat.c
> @@ -80,6 +80,7 @@ static int snd_rawmidi_ioctl_status_compat64(struct snd_rawmidi_file *rfile,
> if (err < 0)
> return err;
>
> + memset(&compat_status, 0, sizeof(compat_status));
> compat_status = (struct compat_snd_rawmidi_status64) {
> .stream = status.stream,
> .tstamp_sec = status.tstamp_sec,
Here at the line just after your addition, compat_status is fully
initialized by substitution, so I believe the memset is superfluous.
Or have you verified that it really leaks the uninitialized memory?
thanks,
Takashi
Powered by blists - more mailing lists