projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f55864a) | patch
IB: Fix information leak in marshalling code
authorVasiliy Kulikov <segoon@openwall.com>
Sun, 14 Nov 2010 09:22:52 +0000 (09:22 +0000)
committerRoland Dreier <rolandd@cisco.com>
Thu, 2 Dec 2010 00:33:18 +0000 (16:33 -0800)
commit91a4d157d0c18bd18fd95f90b67cb10d11701cca
tree3e5f469737873ae4bfc13f6f9f21dfcc112d191etree | snapshot (tar.gz zip)
parentf55864a4f435e47ad413be7016f38877b096bb5bcommit | diff
IB: Fix information leak in marshalling code

ib_ucm_init_qp_attr() and ucma_init_qp_attr() pass struct ib_uverbs_qp_attr
with reserved, qp_state, {ah_attr,alt_ah_attr}{reserved,->grh.reserved}
fields uninitialized to copy_to_user().  This leads to leaking of
contents of kernel stack memory to userspace.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
drivers/infiniband/core/uverbs_marshall.c diff | blob | blame | history
kernel source for telekom puls (alcatel/mediatek)