Commit | Line | Data |
---|---|---|
eaad4d6c GKH |
1 | From 5dc92cf1d0b4b0debbd2e333b83f9746c103533d Mon Sep 17 00:00:00 2001 |
2 | From: Vasiliy Kulikov <segooon@gmail.com> | |
3 | Date: Sat, 6 Nov 2010 17:41:35 +0300 | |
4 | Subject: usb: misc: sisusbvga: fix information leak to userland | |
5 | ||
6 | From: Vasiliy Kulikov <segooon@gmail.com> | |
7 | ||
8 | commit 5dc92cf1d0b4b0debbd2e333b83f9746c103533d upstream. | |
9 | ||
10 | Structure sisusb_info is copied to userland with "sisusb_reserved" field | |
11 | uninitialized. It leads to leaking of contents of kernel stack memory. | |
12 | ||
13 | Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> | |
14 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
15 | ||
16 | --- | |
17 | drivers/usb/misc/sisusbvga/sisusb.c | 1 + | |
18 | 1 file changed, 1 insertion(+) | |
19 | ||
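--- a/drivers/usb/misc/sisusbvga/sisusb.c
+++ b/drivers/usb/misc/sisusbvga/sisusb.c
@@ -3008,6 +3008,7 @@ sisusb_ioctl(struct file *file, unsigned
 #else
 x.sisusb_conactive = 0;
 #endif
+ memset(x.sisusb_reserved, 0, sizeof(x.sisusb_reserved));
 
 if (copy_to_user((void __user *)arg, &x, sizeof(x)))
 retval = -EFAULT;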
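Review bot: The added `memset` clears only `x.sisusb_reserved`, while the following `copy_to_user(..., &x, sizeof(x))` still copies the whole structure, so any padding bytes or any member not explicitly assigned would still carry stale kernel stack contents. The layout of the struct is not visible in this hunk, so this may not apply today, but it would become a leak again if a field is added later. Zeroing the whole object once before the members are filled in, `memset(&x, 0, sizeof(x));`, is the more robust pattern for any structure copied to userland. A short comment at that point such as `/* x is copied to userspace in full; clear it so no stack bytes leak */` would record why the clear must stay. The body of sisusb_ioctl starts and ends outside the hunk, so where `x` is declared and first written cannot be confirmed from here.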