From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755894AbaELB5L (ORCPT ); Sun, 11 May 2014 21:57:11 -0400 Received: from 1wt.eu ([62.212.114.60]:34671 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753713AbaELBnD (ORCPT ); Sun, 11 May 2014 21:43:03 -0400 Message-Id: <20140512003201.054244438@1wt.eu> User-Agent: quilt/0.48-1 Date: Mon, 12 May 2014 02:32:10 +0200 From: Willy Tarreau To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Dan Carpenter , Mike Miller , Andrew Morton , Linus Torvalds , Willy Tarreau Subject: [ 010/143] cpqarray: fix info leak in ida_locked_ioctl() In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2.6.32-longterm review patch. If anyone has any objections, please let me know. ------------------ From: Dan Carpenter commit 627aad1c01da6f881e7f98d71fd928ca0c316b1a upstream The pciinfo struct has a two byte hole after ->dev_fn so stack information could be leaked to the user. This was assigned CVE-2013-2147. Signed-off-by: Dan Carpenter Acked-by: Mike Miller Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Willy Tarreau --- drivers/block/cpqarray.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c index 6422651..f9caa45 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c @@ -1181,6 +1181,7 @@ out_passthru: ida_pci_info_struct pciinfo; if (!arg) return -EINVAL; + memset(&pciinfo, 0, sizeof(pciinfo)); pciinfo.bus = host->pci_dev->bus->number; pciinfo.dev_fn = host->pci_dev->devfn; pciinfo.board_id = host->board_id; -- 1.7.12.2.21.g234cd45.dirty
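Review bot: the memset(&pciinfo, 0, sizeof(pciinfo)) added ahead of the pciinfo.bus assignment carries no comment saying why it is there. It is followed directly by the assignments to bus, dev_fn and board_id, so it reads as redundant to anyone who has not seen the commit message's note about the two byte hole after ->dev_fn. Suggest a one-line comment above it, for example /* zero the padding hole so no stack bytes reach the user */, so that a later cleanup does not drop the call or replace it with per-field initialization, which would leave the hole unset again. The placement after the if (!arg) return -EINVAL; check is fine, since the early return never touches pciinfo.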