projects
/
GitHub
/
LineageOS
/
G12
/
android_kernel_amlogic_linux-4.9.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
ffd7d6b
)
drivers/char/applicom.c: fix information leak to userland
author
Vasiliy Kulikov
<segooon@gmail.com>
Wed, 27 Oct 2010 22:34:21 +0000
(15:34 -0700)
committer
Linus Torvalds
<torvalds@linux-foundation.org>
Thu, 28 Oct 2010 01:03:14 +0000
(18:03 -0700)
Structure st_loc is copied to userland with some fields unitialized. It
leads to leaking of stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/applicom.c
patch
|
blob
|
blame
|
history
diff --git
a/drivers/char/applicom.c
b/drivers/char/applicom.c
index e7ba774beda6b8598a47dd77faf52e5283437037..25373df1dcf8c256404626dc4376c56253039089 100644
(file)
--- a/
drivers/char/applicom.c
+++ b/
drivers/char/applicom.c
@@
-566,6
+566,7
@@
static ssize_t ac_read (struct file *filp, char __user *buf, size_t count, loff_
struct mailbox mailbox;
/* Got a packet for us */
+ memset(&st_loc, 0, sizeof(st_loc));
ret = do_ac_read(i, buf, &st_loc, &mailbox);
spin_unlock_irqrestore(&apbs[i].mutex, flags);
set_current_state(TASK_RUNNING);