From: Dan Carpenter
Date: Sun, 21 Apr 2013 11:07:29 +0000 (+0300)
Subject: ALSA: compress: info leak in snd_compr_get_caps()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1c62e9f2b5a97c53aaae490f844949d32cca6dc6;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git

ALSA: compress: info leak in snd_compr_get_caps()

If the ->get_caps() function doesn't clear the buffer then there would be stack information leaked to userspace. For example, soc_compr_get_caps() can return success without clearing the buffer.

Signed-off-by: Dan Carpenter
Signed-off-by: Takashi Iwai
---
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 7941ace78283..664c69398b41 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -409,6 +409,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg) if (!stream->ops->get_caps) return -ENXIO; + memset(&caps, 0, sizeof(caps)); retval = stream->ops->get_caps(stream, &caps); if (retval) goto out;
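
Review bot: The added memset(&caps, 0, sizeof(caps)) ahead of the stream->ops->get_caps(stream, &caps) call carries no comment, so it reads as redundant initialization and is a likely target for a later cleanup. A one-line comment above it, saying that a ->get_caps() implementation may return success without filling the buffer (the commit message names soc_compr_get_caps()), would record why the clear has to stay. Doing the clear in the core caller rather than in each driver is the right level, since it covers every ->get_caps() implementation, and a memset over sizeof(caps) also zeroes padding bytes, which a member-wise initializer is not guaranteed to do. The other handlers in compress_offload.c that pass a stack buffer to a stream->ops callback are worth auditing for the same pattern.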