* [PATCH v2] IPC: Initialize structure memory to zero for compat functions
@ 2010-10-07  1:21 Dan Rosenberg
From: Dan Rosenberg @ 2010-10-07  1:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: stable, security

Please ignore the previous patch, no sense in splitting these up.

This takes care of leaking uninitialized kernel stack memory to
userspace from non-zeroed fields in structs in compat ipc functions.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>

diff -urp linux-2.6.35.5.orig/ipc/compat.c linux-2.6.35.5/ipc/compat.c
--- linux-2.6.35.5.orig/ipc/compat.c	2010-09-20 16:59:09.000000000 -0400
+++ linux-2.6.35.5/ipc/compat.c	2010-10-06 21:19:04.000000000 -0400
@@ -237,7 +237,7 @@ long compat_sys_semctl(int first, int se
 	union semun fourth;
 	u32 pad;
 	int err, err2;
-	struct semid64_ds s64;
+	struct semid64_ds s64 = {};
 	struct semid64_ds __user *up64;
 	int version = compat_ipc_parse_version(&third);
 
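Review bot: `= {}` on `s64` zeroes the named members, but the C standard does not guarantee that an initializer list clears the padding bytes of an automatic aggregate, so a struct later copied out byte-for-byte can still carry stale stack contents in its padding. The same applies to `m64` in compat_sys_msgctl, `attr` in compat_sys_mq_open and `mqstat` in compat_sys_mq_getsetattr; the compat_sys_mq_open hunk shows the whole object leaving through `copy_to_user(p, &attr, sizeof(attr))`. Whether these structs have padding on a given architecture is not visible from the hunks, so the layout-independent form would be an explicit `memset(&s64, 0, sizeof(s64));` after the declarations. The function bodies continue outside the hunks, so how `s64` and `m64` eventually reach user space should be confirmed there.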
@@ -417,7 +417,7 @@ static inline int put_compat_msqid_ds(st
 long compat_sys_msgctl(int first, int second, void __user *uptr)
 {
 	int err, err2;
-	struct msqid64_ds m64;
+	struct msqid64_ds m64 = {};
 	int version = compat_ipc_parse_version(&second);
 	void __user *p;
 
diff -urp linux-2.6.35.5.orig/ipc/compat_mq.c linux-2.6.35.5/ipc/compat_mq.c
--- linux-2.6.35.5.orig/ipc/compat_mq.c	2010-09-20 16:59:09.000000000 -0400
+++ linux-2.6.35.5/ipc/compat_mq.c	2010-10-06 20:55:08.000000000 -0400
@@ -52,7 +52,7 @@ asmlinkage long compat_sys_mq_open(const
 {
 	void __user *p = NULL;
 	if (u_attr && oflag & O_CREAT) {
-		struct mq_attr attr;
+		struct mq_attr attr = {};
 		p = compat_alloc_user_space(sizeof(attr));
 		if (get_compat_mq_attr(&attr, u_attr) ||
 		    copy_to_user(p, &attr, sizeof(attr)))
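Review bot: The new initializer on `attr` carries no comment saying why it is needed, and because get_compat_mq_attr() is called on the struct right afterwards, a later cleanup could mistake it for a redundant store and drop it. A one-line comment above the declaration would record the intent, e.g. `/* zero first: the whole struct is copied to user space below */`. The same comment would fit `mqstat` in compat_sys_mq_getsetattr. The enclosing `if` block and the function continue past the end of the hunk.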
@@ -123,7 +123,7 @@ asmlinkage long compat_sys_mq_getsetattr
 			const struct compat_mq_attr __user *u_mqstat,
 			struct compat_mq_attr __user *u_omqstat)
 {
-	struct mq_attr mqstat;
+	struct mq_attr mqstat = {};
 	struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p));
 	long ret;
 



