* [PATCH 2/8] char: hpet: fix information leak to userland
From: Vasiliy Kulikov @ 2010-10-17 14:41 UTC
To: kernel-janitors
Cc: Clemens Ladisch, Eric W. Biederman, Arnd Bergmann, Andrew Morton,
Frederic Weisbecker, Tejun Heo, linux-kernel
Structure info is copied to userland with some padding fields uninitialized.
It leads to leaking of stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
---
Compile tested.
drivers/char/hpet.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
index a4eee32..f6722ef 100644
--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
@@ -581,6 +581,7 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg,
break;
case HPET_INFO:
{
+ memset(info, 0, sizeof(*info));
if (devp->hd_ireqfreq)
info->hi_ireqfreq =
hpet_time_div(hpetp, devp->hd_ireqfreq);
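Review bot: the memset at the top of the HPET_INFO case zeroes every byte of *info, so any later store in this case that only writes 0 into a field, such as an else arm of the "if (devp->hd_ireqfreq)" test, becomes dead and should be dropped in the same patch. The call also deserves a one-line comment saying it clears the padding that is copied to userland, because next to the field-by-field assignments it looks redundant and could be removed by a later cleanup. The changelog could name which padding in the struct is affected, since "Compile tested" gives a reviewer nothing to check the claim against.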
--
1.7.0.4
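The leak described in the patch above, reproduced in userland as an added example (not code from the kernel or from this thread). The struct demo_info, the STALE marker and the helper names are assumptions made for illustration, and memcpy stands in for the copy to userland.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for old stack contents */
/* Hypothetical reply struct (not the kernel's hpet_info): the mixed field
 * widths make the compiler insert padding bytes between and after fields. */
struct demo_info {
    uint8_t  flags;
    uint32_t freq;
    uint16_t timer;
};
#define PADDING (sizeof(struct demo_info) - 7) /* 7 = 1 + 4 + 2 field bytes */

/* Before the fix: every named field is set, the padding is never written. */
static void fill_fieldwise(struct demo_info *info)
{
    info->flags = 1;
    info->freq  = 64;
    info->timer = 2;
}

/* After the fix: zero the whole object first, as the patch does. */
static void fill_zeroed(struct demo_info *info)
{
    memset(info, 0, sizeof(*info));
    fill_fieldwise(info);
}

/* Run one handler over dirty storage; count stale bytes that reach the caller. */
static size_t stale_bytes_copied(void (*fill)(struct demo_info *))
{
    struct demo_info info;
    unsigned char out[sizeof(info)];
    size_t i, n = 0;
    memset(&info, STALE, sizeof(info));  /* simulate leftover stack data */
    fill(&info);
    memcpy(out, &info, sizeof(info));    /* stand-in for the copy to userland */
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding %zu, stale bytes copied: before %zu, after %zu\n", PADDING,
           stale_bytes_copied(fill_fieldwise), stale_bytes_copied(fill_zeroed));
    return 0;
}
```

Every field is assigned in both handlers; only the one that zeroes the object first keeps the padding bytes from carrying old memory out to the caller.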
* Re: [PATCH 2/8] char: hpet: fix information leak to userland
From: Clemens Ladisch @ 2010-10-18 15:10 UTC
To: Vasiliy Kulikov
Cc: kernel-janitors, Eric W. Biederman, Arnd Bergmann, Andrew Morton,
Frederic Weisbecker, Tejun Heo, linux-kernel
Vasiliy Kulikov wrote:
> Structure info is copied to userland with some padding fields uninitialized.
> It leads to leaking of stack memory.
> --- a/drivers/char/hpet.c
> +++ b/drivers/char/hpet.c
> @@ -581,6 +581,7 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg,
> break;
> case HPET_INFO:
> {
> + memset(info, 0, sizeof(*info));
> if (devp->hd_ireqfreq)
> info->hi_ireqfreq =
> hpet_time_div(hpetp, devp->hd_ireqfreq);
This makes the following assignment "info->hi_ireqfreq = 0;" superfluous.
Regards,
Clemens