From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-Id: <20130911042917.625281726@goodmis.org> Date: Wed, 11 Sep 2013 00:29:39 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Dan Carpenter , Eric Paris , Al Viro , Andrew Morton Subject: [152/251] fanotify: info leak in copy_event_to_user() References: <20130911042707.738353451@goodmis.org> Content-Disposition: inline; filename=0152-fanotify-info-leak-in-copy_event_to_user.patch Sender: linux-kernel-owner@vger.kernel.org List-ID: 3.6.11.9-rc1 stable review patch. If anyone has any objections, please let me know. ------------------ From: Dan Carpenter [ Upstream commit de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f ] The ->reserved field isn't cleared so we leak one byte of stack information to userspace. Signed-off-by: Dan Carpenter Cc: Eric Paris Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Steven Rostedt --- fs/notify/fanotify/fanotify_user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index d438036..b670659 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -116,6 +116,7 @@ static int fill_event_metadata(struct fsnotify_group *group, metadata->event_len = FAN_EVENT_METADATA_LEN; metadata->metadata_len = FAN_EVENT_METADATA_LEN; metadata->vers = FANOTIFY_METADATA_VERSION; + metadata->reserved = 0; metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS; metadata->pid = pid_vnr(event->tgid); if (unlikely(event->mask & FAN_Q_OVERFLOW)) -- 1.7.10.4