* [patch] aacraid: information leak in aac_send_raw_srb()
@ 2017-02-07 15:00 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2017-02-07 15:00 UTC (permalink / raw)
To: Adaptec OEM Raid Solutions, Raghava Aditya Renukunta
Cc: James E.J. Bottomley, Martin K. Petersen, linux-scsi,
kernel-janitors
The aac_srb_reply struct ends in a 2 byte hole so we end up leaking a
bit of information to user space.
Fixes: 423400e64d37 ("scsi: aacraid: Include HBA direct interface")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index 614842a9eb07..12dc867b7c74 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -948,6 +948,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
&((struct aac_native_hba *)srbfib->hw_fib_va)->resp.err;
struct aac_srb_reply reply;
+ memset(&reply, 0, sizeof(reply));
reply.status = ST_OK;
if (srbfib->flags & FIB_CONTEXT_FLAG_FASTRESP) {
/* fast response */
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-02-07 15:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-07 15:00 [patch] aacraid: information leak in aac_send_raw_srb() Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).