* [PATCH 7/8] char: synclink_gt: fix information leak to userland
@ 2010-10-17 14:41 Vasiliy Kulikov
From: Vasiliy Kulikov @ 2010-10-17 14:41 UTC (permalink / raw)
To: kernel-janitors
Cc: Greg Kroah-Hartman, Alan Cox, Paul Fulghum, Kulikov Vasiliy,
Andrew Morton, linux-kernel
Structures tmp_params and new_line are copied to userland with some padding
fields uninitialized. It leads to leaking of stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
---
Compile tested.
drivers/char/synclink_gt.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/drivers/char/synclink_gt.c b/drivers/char/synclink_gt.c
index 1746d91..c3c2cf8 100644
--- a/drivers/char/synclink_gt.c
+++ b/drivers/char/synclink_gt.c
@@ -1132,6 +1132,7 @@ static long get_params32(struct slgt_info *info, struct MGSL_PARAMS32 __user *us
struct MGSL_PARAMS32 tmp_params;
DBGINFO(("%s get_params32\n", info->device_name));
+ memset(&tmp_params, 0, sizeof(tmp_params));
tmp_params.mode = (compat_ulong_t)info->params.mode;
tmp_params.loopback = info->params.loopback;
tmp_params.flags = info->params.flags;
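Review bot: the memset() added ahead of the tmp_params.mode assignment carries no comment saying it is there to clear padding before the struct is copied out, so a later cleanup could drop it as redundant because every named field appears to be assigned right below it. A one-line comment above the memset() would protect it. The changelog also says only "some padding fields" without naming where the holes in struct MGSL_PARAMS32 are, and does not say whether any non-compat counterpart of get_params32 was checked for the same pattern; stating both would let reviewers verify the fix is complete.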
@@ -1617,6 +1618,8 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
if (cmd != SIOCWANDEV)
return hdlc_ioctl(dev, ifr, cmd);
+ memset(&new_line, 0, sizeof(new_line));
+
switch(ifr->ifr_settings.type) {
case IF_GET_IFACE: /* return current sync_serial_settings */
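Review bot: the memset() of new_line sits before the switch on ifr->ifr_settings.type, so it runs for every SIOCWANDEV request and is separated from the IF_GET_IFACE case that actually returns the settings. That placement is defensible because it covers any case that might copy new_line out, but the code does not say so; add a short comment that the zeroing is for padding in the structure returned to userland, or move it into the IF_GET_IFACE case next to the copy if that is the only path that exports it. "Compile tested" is the only testing noted, so it would help to confirm in the changelog which fields or holes of new_line were left unset before this change.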
--
1.7.0.4
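The bug class this patch addresses, modelled in user space as an added example (not code from the patch or the synclink_gt driver). struct demo_params, its field names and values, and the 0xAA marker are constructed for illustration and are not the layout of MGSL_PARAMS32; members are stored at their real offsets so padding bytes keep whatever the buffer held before.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration; NOT the driver's MGSL_PARAMS32. */
struct demo_params {
    uint32_t mode;
    uint8_t  loopback;    /* common ABIs pad 1 byte here to align flags */
    uint16_t flags;
    uint8_t  encoding;    /* ...and 3 bytes here to align clock_speed */
    uint32_t clock_speed;
};

#define STALE 0xAA  /* constructed marker standing in for old stack contents */
#define PUT(buf, m, v) memcpy((buf) + offsetof(struct demo_params, m), &(v), sizeof(v))

/* Field-by-field assignment: only the members' own bytes are written. */
static void fill_fields(unsigned char *buf)
{
    uint32_t mode = 2, clock_speed = 9600;
    uint8_t loopback = 0, encoding = 1;
    uint16_t flags = 0;

    PUT(buf, mode, mode);
    PUT(buf, loopback, loopback);
    PUT(buf, flags, flags);
    PUT(buf, encoding, encoding);
    PUT(buf, clock_speed, clock_speed);
}

/* Model of the reply path; returns how many stale bytes reach the caller.
 * zero_first = 1 selects the patched form (memset before the assignments). */
static size_t leaked_bytes(int zero_first)
{
    unsigned char kstack[sizeof(struct demo_params)];
    unsigned char user[sizeof(struct demo_params)];
    size_t i, n = 0;

    memset(kstack, STALE, sizeof kstack);   /* whatever was on the stack */
    if (zero_first)
        memset(kstack, 0, sizeof kstack);   /* the fix in the patch */
    fill_fields(kstack);
    memcpy(user, kstack, sizeof user);      /* stands in for copy_to_user() */
    for (i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}
```

Every byte counted by leaked_bytes(0) is a padding byte: sizeof(struct demo_params) minus the 12 bytes of named members.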
* Re: [PATCH 7/8] char: synclink_gt: fix information leak to userland
@ 2010-10-18 21:10 Paul Fulghum
From: Paul Fulghum @ 2010-10-18 21:10 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: kernel-janitors, Greg Kroah-Hartman, Alan Cox, Andrew Morton,
linux-kernel
Acked-by: Paul Fulghum <paulkf@microgate.com>
On 10/17/2010 8:41 AM, Vasiliy Kulikov wrote:
> Structures tmp_params and new_line are copied to userland with some padding
> fields uninitialized. It leads to leaking of stack memory.
>
> Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
--
Paul Fulghum
MicroGate Systems, Ltd.
=Customer Driven, by Design=
(800)444-1982
(512)345-7791 (Direct)
(512)343-9046 (Fax)
Central Time Zone (GMT -6h)
www.microgate.com