isdn: mISDN: socket: fix information leak to userland
authorKulikov Vasiliy <segooon@gmail.com>
Fri, 29 Oct 2010 23:04:33 +0000 (23:04 +0000)
committerDavid S. Miller <davem@davemloft.net>
Sat, 30 Oct 2010 23:49:38 +0000 (16:49 -0700)
Structure mISDN_devinfo is copied to userland with the field "name"
that has the last elements unitialized.  It leads to leaking of
contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/isdn/mISDN/socket.c

index 3232206406b15bcdba06b39b837545307902d3e1..7446d8b4282d58cee32d435c930c23b1b43092a4 100644 (file)
@@ -392,6 +392,7 @@ data_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
                if (dev) {
                        struct mISDN_devinfo di;
 
+                       memset(&di, 0, sizeof(di));
                        di.id = dev->id;
                        di.Dprotocols = dev->Dprotocols;
                        di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();
@@ -672,6 +673,7 @@ base_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
                if (dev) {
                        struct mISDN_devinfo di;
 
+                       memset(&di, 0, sizeof(di));
                        di.id = dev->id;
                        di.Dprotocols = dev->Dprotocols;
                        di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();