projects
/
GitHub
/
LineageOS
/
android_kernel_motorola_exynos9610.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
027b180
)
block: cciss: fix information leak to userland
author
Vasiliy Kulikov
<segooon@gmail.com>
Thu, 28 Oct 2010 12:31:55 +0000
(06:31 -0600)
committer
Jens Axboe
<jaxboe@fusionio.com>
Thu, 28 Oct 2010 12:31:55 +0000
(06:31 -0600)
Structure IOCTL_Command_struct is copied to userland with
some padding fields at the end of the struct unitialized.
It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
drivers/block/cciss.c
patch
|
blob
|
blame
|
history
diff --git
a/drivers/block/cciss.c
b/drivers/block/cciss.c
index f09e6df15aa7f8e9c6f5842920e43eee3819f21b..13d87a031c88fc6ec76b82b335d79aef1341543c 100644
(file)
--- a/
drivers/block/cciss.c
+++ b/
drivers/block/cciss.c
@@
-1184,6
+1184,7
@@
static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;
+ memset(&arg64, 0, sizeof(arg64));
err = 0;
err |=
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,