* [patch] paride: potential information leak in pg_read()
@ 2011-09-23 6:25 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2011-09-23 6:25 UTC (permalink / raw)
To: Tim Waugh; +Cc: linux-kernel, kernel-janitors
Smatch has a new check for Rosenberg type information leaks where
structs are copied to the user with uninitialized stack data in them.
i
In this case, the pg_write_hdr struct has a hole in it.
struct pg_write_hdr {
char magic; /* 0 1 */
char func; /* 1 1 */
/* XXX 2 bytes hole, try to pack */
int dlen; /* 4 4 */
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/block/paride/pg.c b/drivers/block/paride/pg.c
index 6b9a200..a79fb4f 100644
--- a/drivers/block/paride/pg.c
+++ b/drivers/block/paride/pg.c
@@ -630,6 +630,7 @@ static ssize_t pg_read(struct file *filp, char __user *buf, size_t count, loff_t
if (dev->status & 0x10)
return -ETIME;
+ memset(&hdr, 0, sizeof(hdr));
hdr.magic = PG_MAGIC;
hdr.dlen = dev->dlen;
copy = 0;
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2011-09-23 6:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-23 6:25 [patch] paride: potential information leak in pg_read() Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox