Message-Id: <20250506-iio-pressure-bmp280-zero-init-buffer-v1-1-0935c31558ac@baylibre.com>
Date: Tue, 06 May 2025 13:49:57 -0500
From: David Lechner <dlechner@...libre.com>
To: Jonathan Cameron <jic23@...nel.org>, 
 Nuno Sá <nuno.sa@...log.com>, 
 Andy Shevchenko <andy@...nel.org>
Cc: Jonathan Cameron <Jonathan.Cameron@...wei.com>, 
 linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org, 
 Dan Carpenter <dan.carpenter@...aro.org>, 
 David Lechner <dlechner@...libre.com>
Subject: [PATCH] iio: bmp280: zero-init buffer

Zero-initialize the buffer used with iio_push_to_buffers_with_ts(). The
struct used for the buffer has holes in it, so we need to make sure that
the holes are zeroed out rather than containing uninitialized data from
the stack.

Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
Closes: https://lore.kernel.org/linux-iio/aBoBR5D1UMjsSUfZ@stanley.mountain/
Fixes: 4e6c3c4801a6 ("iio: pressure: bmp280: drop sensor_data array")
Signed-off-by: David Lechner <dlechner@...libre.com>
---
The patch this fixes is currently in iio/togreg, so no need for stable
backport, etc.
---
 drivers/iio/pressure/bmp280-core.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c
index 5728cc18cced223284a2c41dc6dec6f47169c797..f37f20776c89173b0b2a8e28be0ef9aa30ceea53 100644
--- a/drivers/iio/pressure/bmp280-core.c
+++ b/drivers/iio/pressure/bmp280-core.c
@@ -1237,6 +1237,9 @@ static irqreturn_t bme280_trigger_handler(int irq, void *p)
 	} buffer;
 	int ret;
 
+	/* Don't leak uninitialized stack to userspace. */
+	memset(&buffer, 0, sizeof(buffer));
+
 	guard(mutex)(&data->lock);
 
 	/* Burst read data registers */
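Review bot: The comment added above the memset() in bme280_trigger_handler() says what is prevented but not why a memset() is needed here. Consider noting that the struct has holes, as the commit message does, so a later cleanup does not swap it for a `= { }` initializer, which is not guaranteed to clear padding bytes. Only this one handler is touched in the hunk, so it is also worth confirming that any other handler in bmp280-core.c that pushes a stack-allocated struct either has no holes or gets the same treatment.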

---
base-commit: 7a175d9667b21b2495913ec7496a6c20aa7a4a89
change-id: 20250506-iio-pressure-bmp280-zero-init-buffer-942dd4f48719

Best regards,
-- 
David Lechner <dlechner@...libre.com>
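
The hole problem described in the commit message, as an added userspace example that is not code from the patch or the driver. The `struct scan` layout, the `STALE` fill byte and the sample readings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical scan layout, not the driver's struct: three 32-bit channels
 * then an 8-byte-aligned timestamp, so bytes 12..15 are a padding hole. */
struct scan {
	int32_t chan[3];
	_Alignas(8) int64_t ts;
};

#define HOLE_START (offsetof(struct scan, chan) + sizeof(int32_t[3]))
#define HOLE_END   offsetof(struct scan, ts)
#define STALE      0xA5	/* constructed stand-in for old stack contents */

/* Number of padding bytes between the last channel and the timestamp. */
static size_t hole_size(void)
{
	return HOLE_END - HOLE_START;
}

/* Model one trigger: storage starts out stale, is optionally zeroed first,
 * then only the named fields are written. Returns stale bytes left over. */
static size_t stale_bytes_pushed(int zero_first)
{
	unsigned char image[sizeof(struct scan)];
	const int32_t chan[3] = { 101325, 45000, 2150 };	/* constructed */
	const int64_t ts = 1746557397;				/* constructed */
	size_t i, stale = 0;

	memset(image, STALE, sizeof(image));
	if (zero_first)
		memset(image, 0, sizeof(image));

	/* Field stores touch only the members' own bytes, never the hole. */
	memcpy(image + offsetof(struct scan, chan), chan, sizeof(chan));
	memcpy(image + offsetof(struct scan, ts), &ts, sizeof(ts));

	for (i = HOLE_START; i < HOLE_END; i++)
		stale += (image[i] == STALE);
	return stale;
}

int main(void)
{
	printf("hole=%zu unzeroed=%zu zeroed=%zu\n", hole_size(),
	       stale_bytes_pushed(0), stale_bytes_pushed(1));
}
```

The image is built with memcpy() at offsetof() positions so the result is well defined; the whole `sizeof(struct scan)` image, hole included, is what a consumer of the buffer would receive.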

