--- /dev/null
+From b97b3d9fb57860a60592859e332de7759fd54c2e Mon Sep 17 00:00:00 2001
+From: Greg KH <greg@kroah.com>
+Date: Thu, 4 Oct 2018 11:06:14 -0700
+Subject: tty: wipe buffer if not echoing data
+
+From: Greg Kroah-Hartman <greg@kroah.com>
+
+commit b97b3d9fb57860a60592859e332de7759fd54c2e upstream.
+
+If we are not echoing the data to userspace or the console is in icanon
+mode, then perhaps it is a "secret" so we should wipe it once we are
+done with it.
+
+This mirrors the logic that the audit code has.
+
+Reported-by: aszlig <aszlig@nix.build>
+Tested-by: Milan Broz <gmazyland@gmail.com>
+Tested-by: Daniel Zatovic <daniel.zatovic@gmail.com>
+Tested-by: aszlig <aszlig@nix.build>
+Cc: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/n_tty.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/n_tty.c
++++ b/drivers/tty/n_tty.c
+@@ -188,15 +188,29 @@ static int receive_room(struct tty_struc
+ return left;
+ }
+
++/* If we are not echoing the data, perhaps this is a secret so erase it */
++static inline void zero_buffer(struct tty_struct *tty, u8 *buffer, int size)
++{
++ bool icanon = !!L_ICANON(tty);
++ bool no_echo = !L_ECHO(tty);
++
++ if (icanon && no_echo)
++ memset(buffer, 0x00, size);
++}
++
+ static inline int tty_copy_to_user(struct tty_struct *tty,
+ void __user *to,
+- const void *from,
++ void *from,
+ unsigned long n)
+ {
+ struct n_tty_data *ldata = tty->disc_data;
++ int retval;
+
+ tty_audit_add_data(tty, from, n, ldata->icanon);
+- return copy_to_user(to, from, n);
++ retval = copy_to_user(to, from, n);
++ if (!retval)
++ zero_buffer(tty, from, n);
++ return retval;
+ }
+
+ /**
+@@ -2006,6 +2020,7 @@ static int copy_from_read_buf(struct tty
+ is_eof = n == 1 && read_buf(ldata, tail) == EOF_CHAR(tty);
+ tty_audit_add_data(tty, read_buf_addr(ldata, tail), n,
+ ldata->icanon);
++ zero_buffer(tty, read_buf_addr(ldata, tail), n);
+ ldata->read_tail += n;
+ /* Turn single EOF into zero-length read */
+ if (L_EXTPROC(tty) && ldata->icanon && is_eof && !read_cnt(ldata))
--- /dev/null
+From c9a8e5fce009e3c601a43c49ea9dbcb25d1ffac5 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Thu, 4 Oct 2018 11:06:13 -0700
+Subject: tty: wipe buffer.
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit c9a8e5fce009e3c601a43c49ea9dbcb25d1ffac5 upstream.
+
+After we are done with the tty buffer, zero it out.
+
+Reported-by: aszlig <aszlig@nix.build>
+Tested-by: Milan Broz <gmazyland@gmail.com>
+Tested-by: Daniel Zatovic <daniel.zatovic@gmail.com>
+Tested-by: aszlig <aszlig@nix.build>
+Cc: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/tty_buffer.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/tty/tty_buffer.c
++++ b/drivers/tty/tty_buffer.c
+@@ -415,6 +415,8 @@ receive_buf(struct tty_struct *tty, stru
+ disc->ops->receive_buf(tty, p, f, count);
+ }
+ head->read += count;
++ if (count > 0)
++ memset(p, 0, count);
+ return count;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
