From: Dan Rosenberg
Date: Wed, 15 Sep 2010 11:43:28 +0000 (+0000)
Subject: drivers/net/usb/hso.c: prevent reading uninitialized memory
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7011e660938fc44ed86319c18a5954e95a82ab3e;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git

drivers/net/usb/hso.c: prevent reading uninitialized memory

Fixed formatting (tabs and line breaks).

The TIOCGICOUNT device ioctl allows unprivileged users to read uninitialized stack memory, because the "reserved" member of the serial_icounter_struct struct declared on the stack in hso_get_count() is not altered or zeroed before being copied back to the user. This patch takes care of it.

Signed-off-by: Dan Rosenberg
Signed-off-by: David S. Miller
---
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index 6efca66b876..1cd752f9a6e 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -1652,6 +1652,8 @@ static int hso_get_count(struct hso_serial *serial, struct uart_icount cnow; struct hso_tiocmget *tiocmget = serial->tiocmget; + memset(&icount, 0, sizeof(struct serial_icounter_struct)); + if (!tiocmget) return -ENOENT; spin_lock_irq(&serial->serial_lock);
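Review bot: the memset added at the top of hso_get_count() spells out the type in sizeof(struct serial_icounter_struct); writing sizeof(icount) would keep the length tied to the variable being cleared, so the call stays correct if the declaration of icount ever changes. Placing the memset before the !tiocmget check is fine, since it means every path that reaches the later copy to user space starts from a zeroed struct. Clearing the whole struct rather than only the "reserved" member named in the commit message is also the more robust choice, because it still covers any member added later. A short comment above the memset saying that the struct is copied to user space, and so must not carry stack contents, would help keep the call from being dropped in a later cleanup.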