From mboxrd@z Thu Jan  1 00:00:00 1970
From: Takashi Iwai <tiwai@suse.de>
Subject: Re: [patch] [ALSA] sb16 - info leak in snd_sb_csp_ioctl()
Date: Thu, 07 Nov 2013 09:48:08 +0100
Message-ID: <s5hli10vbqv.wl%tiwai@suse.de>
References: <20131107080954.GS21844@elgon.mountain>
Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Return-path: <kernel-janitors-owner@vger.kernel.org>
In-Reply-To: <20131107080954.GS21844@elgon.mountain>
Sender: kernel-janitors-owner@vger.kernel.org
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Jaroslav Kysela <perex@perex.cz>, alsa-devel@alsa-project.org, kernel-janitors@vger.kernel.org
List-Id: alsa-devel@alsa-project.org

At Thu, 7 Nov 2013 11:09:54 +0300,
Dan Carpenter wrote:
> 
> There is a 2 byte hole after "info.func_nr" so we could leak unitialized
> stack information to userspace.
> 
> Fixes: 1da177e4c3f4 ('Linux-2.6.12-rc2')

Does this help at all?  It means that the bug has been there even
before moving to git.  I think it's better to be removed for avoid
confusion.


thanks,

Takashi

> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c
> index c1aa21e..48da227 100644
> --- a/sound/isa/sb/sb16_csp.c
> +++ b/sound/isa/sb/sb16_csp.c
> @@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i
>  	switch (cmd) {
>  		/* get information */
>  	case SNDRV_SB_CSP_IOCTL_INFO:
> +		memset(&info, 0, sizeof(info));
>  		*info.codec_name = *p->codec_name;
>  		info.func_nr = p->func_nr;
>  		info.acc_format = p->acc_format;
> 

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Takashi Iwai <tiwai@suse.de>
Date: Thu, 07 Nov 2013 08:48:08 +0000
Subject: Re: [patch] [ALSA] sb16 - info leak in snd_sb_csp_ioctl()
Message-Id: <s5hli10vbqv.wl%tiwai@suse.de>
List-Id: <kernel-janitors.vger.kernel.org>
References: <20131107080954.GS21844@elgon.mountain>
In-Reply-To: <20131107080954.GS21844@elgon.mountain>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Jaroslav Kysela <perex@perex.cz>, alsa-devel@alsa-project.org, kernel-janitors@vger.kernel.org

At Thu, 7 Nov 2013 11:09:54 +0300,
Dan Carpenter wrote:
> 
> There is a 2 byte hole after "info.func_nr" so we could leak unitialized
> stack information to userspace.
> 
> Fixes: 1da177e4c3f4 ('Linux-2.6.12-rc2')

Does this help at all?  It means that the bug has been there even
before moving to git.  I think it's better to be removed for avoid
confusion.


thanks,

Takashi

> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c
> index c1aa21e..48da227 100644
> --- a/sound/isa/sb/sb16_csp.c
> +++ b/sound/isa/sb/sb16_csp.c
> @@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i
>  	switch (cmd) {
>  		/* get information */
>  	case SNDRV_SB_CSP_IOCTL_INFO:
> +		memset(&info, 0, sizeof(info));
>  		*info.codec_name = *p->codec_name;
>  		info.func_nr = p->func_nr;
>  		info.acc_format = p->acc_format;
>