* [PATCH] drivers/serial/serial_core.c: prevent reading uninitialized stack memory
@ 2010-09-15 21:44 Dan Rosenberg
From: Dan Rosenberg @ 2010-09-15 21:44 UTC
  To: gregkh; +Cc: linux-kernel, security

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.  This patch takes care of
it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>

--- linux-2.6.35.4.orig/drivers/serial/serial_core.c	2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.4/drivers/serial/serial_core.c	2010-09-15 13:57:04.767375072 -0400
@@ -1081,6 +1081,8 @@ static int uart_get_count(struct uart_st
 	struct uart_icount cnow;
 	struct uart_port *uport = state->uart_port;
 
+	memset(&icount, 0, sizeof(struct serial_icounter_struct));
+
 	spin_lock_irq(&uport->lock);
 	memcpy(&cnow, &uport->icount, sizeof(struct uart_icount));
 	spin_unlock_irq(&uport->lock);
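
Review bot: The added memset sizes the clear by type name, `sizeof(struct serial_icounter_struct)`, rather than by the object being cleared; `memset(&icount, 0, sizeof(icount));` keeps the length tied to the variable if its declaration ever changes. The declaration of `icount` is outside the visible context, so it is worth confirming in the full file that nothing stores into it before this line. Clearing the whole struct up front is the right shape for the fix, since it covers any compiler padding as well as the "reserved" member named in the commit message; a sentence in the changelog saying so would help anyone auditing other ioctls that copy stack structs back to the user.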





