releases/2.6.36.2/usb-misc-sisusbvga-fix-information-leak-to-userland.patch

   1 From 5dc92cf1d0b4b0debbd2e333b83f9746c103533d Mon Sep 17 00:00:00 2001
   2 From: Vasiliy Kulikov <segooon@gmail.com>
   3 Date: Sat, 6 Nov 2010 17:41:35 +0300
   4 Subject: usb: misc: sisusbvga: fix information leak to userland
   5
   6 From: Vasiliy Kulikov <segooon@gmail.com>
   7
   8 commit 5dc92cf1d0b4b0debbd2e333b83f9746c103533d upstream.
   9
  10 Structure sisusb_info is copied to userland with "sisusb_reserved" field
  11 uninitialized.  It leads to leaking of contents of kernel stack memory.
  12
  13 Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
  14 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  15
  16 ---
  17  drivers/usb/misc/sisusbvga/sisusb.c |    1 +
  18  1 file changed, 1 insertion(+)
  19
  20 --- a/drivers/usb/misc/sisusbvga/sisusb.c
  21 +++ b/drivers/usb/misc/sisusbvga/sisusb.c
  22 @@ -3008,6 +3008,7 @@ sisusb_ioctl(struct file *file, unsigned
  23  #else
  24                         x.sisusb_conactive  = 0;
  25  #endif
  26 +                       memset(x.sisusb_reserved, 0, sizeof(x.sisusb_reserved));
  27
  28                         if (copy_to_user((void __user *)arg, &x, sizeof(x)))
  29                                 retval = -EFAULT;