* [patch] [media] media: info leak in __media_device_enum_links()
From: Dan Carpenter @ 2013-04-13 9:32 UTC
To: Mauro Carvalho Chehab; +Cc: linux-media, kernel-janitors
These structs have holes and reserved struct members which aren't
cleared. I've added a memset() so we don't leak stack information.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
index 99b80b6..450c0d1 100644
--- a/drivers/media/media-device.c
+++ b/drivers/media/media-device.c
@@ -139,6 +139,8 @@ static long __media_device_enum_links(struct media_device *mdev,
for (p = 0; p < entity->num_pads; p++) {
struct media_pad_desc pad;
+
+ memset(&pad, 0, sizeof(pad));
media_device_kpad_to_upad(&entity->pads[p], &pad);
if (copy_to_user(&links->pads[p], &pad, sizeof(pad)))
return -EFAULT;
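Review bot: the clearing at `memset(&pad, 0, sizeof(pad));` would be more robust inside media_device_kpad_to_upad() than at this call site, because that helper is what fills a pad descriptor that then goes straight to copy_to_user(), and it is called again for `&link.source` and the sink pad in the next hunk. Zeroing in the helper protects any future caller as well; the separate memset of `link` would still be needed for whatever members `link` has besides the two pad descriptors. If the call-site memset stays, keep it as memset() rather than turning it into an initializer on `struct media_pad_desc pad`, since an initializer is not guaranteed to clear padding holes.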
@@ -156,6 +158,7 @@ static long __media_device_enum_links(struct media_device *mdev,
if (entity->links[l].source->entity != entity)
continue;
+ memset(&link, 0, sizeof(link));
media_device_kpad_to_upad(entity->links[l].source,
&link.source);
media_device_kpad_to_upad(entity->links[l].sink,
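Review bot: the commit message does not name the structure behind `link` or say which of its members are left unset, and neither is visible in this hunk, whose context ends before the copy to user space. Please name both structures and the reserved members in the changelog so the reader can check that everything covered by the size passed to copy_to_user() is now initialised. Placing `memset(&link, 0, sizeof(link));` after the `continue` is right, since skipped links are never copied out. Because the bug discloses kernel stack contents to user space, the patch should also carry a stable tag.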
* Re: [patch] [media] media: info leak in __media_device_enum_links()
From: Dan Carpenter @ 2013-05-31 12:24 UTC
To: Mauro Carvalho Chehab; +Cc: linux-media, kernel-janitors
Ping?
regards,
dan carpenter
On Sat, Apr 13, 2013 at 12:32:15PM +0300, Dan Carpenter wrote:
> These structs have holes and reserved struct members which aren't
> cleared. I've added a memset() so we don't leak stack information.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
> index 99b80b6..450c0d1 100644
> --- a/drivers/media/media-device.c
> +++ b/drivers/media/media-device.c
> @@ -139,6 +139,8 @@ static long __media_device_enum_links(struct media_device *mdev,
>
> for (p = 0; p < entity->num_pads; p++) {
> struct media_pad_desc pad;
> +
> + memset(&pad, 0, sizeof(pad));
> media_device_kpad_to_upad(&entity->pads[p], &pad);
> if (copy_to_user(&links->pads[p], &pad, sizeof(pad)))
> return -EFAULT;
> @@ -156,6 +158,7 @@ static long __media_device_enum_links(struct media_device *mdev,
> if (entity->links[l].source->entity != entity)
> continue;
>
> + memset(&link, 0, sizeof(link));
> media_device_kpad_to_upad(entity->links[l].source,
> &link.source);
> media_device_kpad_to_upad(entity->links[l].sink,
* Re: [patch] [media] media: info leak in __media_device_enum_links()
From: Laurent Pinchart @ 2013-06-10 10:07 UTC
To: Dan Carpenter; +Cc: Mauro Carvalho Chehab, linux-media, kernel-janitors
Hi Dan,
On Friday 31 May 2013 15:24:45 Dan Carpenter wrote:
> Ping?
Oops, sorry for having missed the patch.
> On Sat, Apr 13, 2013 at 12:32:15PM +0300, Dan Carpenter wrote:
> > These structs have holes and reserved struct members which aren't
> > cleared. I've added a memset() so we don't leak stack information.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
I've taken the patch in my tree, added a "CC: stable@vger.kernel.org" and
issued a pull request.
> > diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
> > index 99b80b6..450c0d1 100644
> > --- a/drivers/media/media-device.c
> > +++ b/drivers/media/media-device.c
> > @@ -139,6 +139,8 @@ static long __media_device_enum_links(struct
> > media_device *mdev,>
> > for (p = 0; p < entity->num_pads; p++) {
> >
> > struct media_pad_desc pad;
> >
> > +
> > + memset(&pad, 0, sizeof(pad));
> >
> > media_device_kpad_to_upad(&entity->pads[p], &pad);
> > if (copy_to_user(&links->pads[p], &pad, sizeof(pad)))
> >
> > return -EFAULT;
> >
> > @@ -156,6 +158,7 @@ static long __media_device_enum_links(struct
> > media_device *mdev,>
> > if (entity->links[l].source->entity != entity)
> >
> > continue;
> >
> > + memset(&link, 0, sizeof(link));
> >
> > media_device_kpad_to_upad(entity->links[l].source,
> >
> > &link.source);
> >
> > media_device_kpad_to_upad(entity->links[l].sink,
--
Regards,
Laurent Pinchart
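
The leak the patch description refers to, reproduced in user space as an added example (not code from the patch or the kernel tree). `demo_pad_desc`, `demo_fill` and `stale_bytes_copied` are hypothetical names, the struct layout is constructed for illustration, and `memcpy` stands in for `copy_to_user()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in, NOT the kernel's definition: a descriptor with an
 * alignment hole after `index` and a reserved tail the filler never writes. */
struct demo_pad_desc {
    uint32_t entity;
    uint16_t index;      /* typically followed by 2 bytes of padding */
    uint32_t flags;
    uint32_t reserved[2];
};

#define STALE 0xAA       /* marker for leftover stack contents */

/* Hypothetical filler in the style of a kernel-pad to user-pad helper:
 * it assigns the meaningful members only. */
static void demo_fill(struct demo_pad_desc *d)
{
    d->entity = 1;
    d->index = 2;
    d->flags = 4;
}

/* Build one descriptor on top of "stale" memory, copy the whole object out
 * (memcpy stands in for copy_to_user), and count stale bytes that escaped. */
size_t stale_bytes_copied(int clear_first)
{
    union {
        struct demo_pad_desc d;
        unsigned char raw[sizeof(struct demo_pad_desc)];
    } slot;
    unsigned char out[sizeof(struct demo_pad_desc)];
    size_t i, leaked = 0;

    memset(slot.raw, STALE, sizeof(slot.raw)); /* previous stack contents */
    if (clear_first)
        memset(&slot.d, 0, sizeof(slot.d));    /* the fix from the patch */
    demo_fill(&slot.d);
    memcpy(out, slot.raw, sizeof(out));        /* copies holes and reserved too */
    for (i = 0; i < sizeof(out); i++)
        leaked += (out[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("no memset: %zu stale, memset: %zu stale\n", stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```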