From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yw0-f180.google.com ([209.85.161.180]:35838 "EHLO mail-yw0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756342AbcECUbL (ORCPT ); Tue, 3 May 2016 16:31:11 -0400 From: Kangjie Lu To: jlayton@poochiereds.net Cc: bfields@fieldses.org, viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, taesoo@gatech.edu, insu@gatech.edu, Kangjie Lu Subject: [PATCH] fix infoleak in fcntl Date: Tue, 3 May 2016 16:34:09 -0400 Message-Id: <1462307649-5833-1-git-send-email-kjlu@gatech.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-fsdevel-owner@vger.kernel.org List-ID: The stack object “si” has a total size of 128 bytes; however, only 16 bytes are initialized. The remaining uninitialized bytes are sent to userland via send_signal. Signed-off-by: Kangjie Lu --- fs/fcntl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fcntl.c b/fs/fcntl.c index 350a2c8..d06f943 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -468,6 +468,7 @@ static void send_sigio_to_task(struct task_struct *p, delivered even if we can't queue. Failure to queue in this case _should_ be reported; we fall back to SIGIO in that case. --sct */ + memset(&si, 0, sizeof(si)); si.si_signo = signum; si.si_errno = 0; si.si_code = reason; -- 1.9.1
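Review bot: With memset(&si, 0, sizeof(si)) added directly above si.si_signo = signum, the si.si_errno = 0 assignment two lines later is redundant. Either drop it in this patch or keep it on purpose for readability, but the zeroing should stay a full-object memset as written. Field-by-field assignment is what left the rest of the 128-byte object uninitialized in the first place. The commit message could also be more specific than "via send_signal" about where the structure is copied out to userland, and if this is meant for backporting, a Cc: stable tag would help, since by the description's own numbers (128 bytes total, 16 initialized) 112 bytes of kernel stack are disclosed per signal.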