| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Mar 2022 03:33:07 +0000
From: cgel.zte@...il.com
To: krzysztof.kozlowski@...onical.com
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
"Minghao Chi (CGEL ZTE)" <chi.minghao@....com.cn>,
Zeal Robot <zealci@....com.cn>
Subject: [PATCH V2] net/nfc/nci: fix infoleak in struct nci_set_config_param
From: "Minghao Chi (CGEL ZTE)" <chi.minghao@....com.cn>
On 64-bit systems, struct nci_set_config_param has
an added padding of 7 bytes between struct members
id and len. Even though all struct members are initialized,
the 7-byte hole will contain data from the kernel stack.
This patch zeroes out struct nci_set_config_param before
usage, preventing infoleaks to userspace.
v1->v2:
-Modify the title.
-Add explanatory information.
Reported-by: Zeal Robot <zealci@....com.cn>
Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@....com.cn>
---
net/nfc/nci/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index d2537383a3e8..32be42be1152 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -641,6 +641,7 @@ int nci_set_config(struct nci_dev *ndev, __u8 id, size_t len, const __u8 *val)
if (!val || !len)
return 0;
+ memset(¶m, 0x0, sizeof(param));
param.id = id;
param.len = len;
param.val = val;
--
2.25.1
Powered by blists - more mailing lists