| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160714111653.GA30452@mwanda>
Date: Thu, 14 Jul 2016 14:16:53 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Zhao Qiang <qiang.zhao@....com>
Cc: netdev@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
kernel-janitors@...r.kernel.org, walter harms <wharms@....de>
Subject: [patch v2 -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl()
There is a 2 byte struct whole after line.loopback so we need to clear
that out to avoid disclosing stack information.
Fixes: c19b6d246a35 ('drivers/net: support hdlc function for QE-UCC')
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
---
v2: remove the other initialization to zero
diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
index 19174ac..6edd48a 100644
--- a/drivers/net/wan/fsl_ucc_hdlc.c
+++ b/drivers/net/wan/fsl_ucc_hdlc.c
@@ -635,9 +635,8 @@ static int uhdlc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
ifr->ifr_settings.size = size; /* data size wanted */
return -ENOBUFS;
}
+ memset(&line, 0, sizeof(line));
line.clock_type = priv->clocking;
- line.clock_rate = 0;
- line.loopback = 0;
if (copy_to_user(ifr->ifr_settings.ifs_ifsu.sync, &line, size))
return -EFAULT;
Powered by blists - more mailing lists