ipmi: info leak in compat_ipmi_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 5 Sep 2013 11:36:33 +0000 (06:36 -0500)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 5 Sep 2013 15:34:31 +0000 (08:34 -0700)
On x86_64 there is a 4 byte hole between ->recv_type and ->addr.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/ipmi/ipmi_devintf.c

index d5a5f020810afcdf8f6d5d19d1b45960c83589d5..ec318bf434a6c3d890d26060a9c388295bde807e 100644 (file)
@@ -810,6 +810,7 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd,
                struct ipmi_recv   __user *precv64;
                struct ipmi_recv   recv64;
 
+               memset(&recv64, 0, sizeof(recv64));
                if (get_compat_ipmi_recv(&recv64, compat_ptr(arg)))
                        return -EFAULT;