* [PATCH] isdn: mISDN: socket: fix information leak to userland
@ 2010-10-30 9:04 Vasiliy Kulikov
2010-10-30 23:49 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Vasiliy Kulikov @ 2010-10-30 9:04 UTC (permalink / raw)
To: kernel-janitors
Cc: Karsten Keil, Arnaldo Carvalho de Melo, David S. Miller,
Tejun Heo, Eric Paris, netdev, linux-kernel
Structure mISDN_devinfo is copied to userland with the field "name"
that has the last elements unitialized. It leads to leaking of
contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
---
Compile tested.
drivers/isdn/mISDN/socket.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c
index 3232206..7446d8b 100644
--- a/drivers/isdn/mISDN/socket.c
+++ b/drivers/isdn/mISDN/socket.c
@@ -392,6 +392,7 @@ data_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
if (dev) {
struct mISDN_devinfo di;
+ memset(&di, 0, sizeof(di));
di.id = dev->id;
di.Dprotocols = dev->Dprotocols;
di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();
@@ -672,6 +673,7 @@ base_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
if (dev) {
struct mISDN_devinfo di;
+ memset(&di, 0, sizeof(di));
di.id = dev->id;
di.Dprotocols = dev->Dprotocols;
di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();
--
1.7.0.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-10-30 23:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-30 9:04 [PATCH] isdn: mISDN: socket: fix information leak to userland Vasiliy Kulikov
2010-10-30 23:49 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).