From: Greg Kroah-Hartman Date: Thu, 29 Nov 2018 11:51:58 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.19.6~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8b6b23af0cb8963e79b18ed7bbb038d882c7c1aa;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: tty-wipe-buffer-if-not-echoing-data.patch tty-wipe-buffer.patch --- diff --git a/queue-4.4/series b/queue-4.4/series index 7993afe2068..f976890fda6 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -76,3 +76,5 @@ scsi-ufs-fix-race-between-clock-gating-and-devfreq-scaling-work.patch scsi-ufshcd-release-resources-if-probe-fails.patch scsi-qla2xxx-do-not-queue-commands-when-unloading.patch iwlwifi-mvm-fix-regulatory-domain-update-when-the-firmware-starts.patch +tty-wipe-buffer.patch +tty-wipe-buffer-if-not-echoing-data.patch diff --git a/queue-4.4/tty-wipe-buffer-if-not-echoing-data.patch b/queue-4.4/tty-wipe-buffer-if-not-echoing-data.patch new file mode 100644 index 00000000000..5d80f31a845 --- /dev/null +++ b/queue-4.4/tty-wipe-buffer-if-not-echoing-data.patch @@ -0,0 +1,68 @@ +From b97b3d9fb57860a60592859e332de7759fd54c2e Mon Sep 17 00:00:00 2001 +From: Greg KH +Date: Thu, 4 Oct 2018 11:06:14 -0700 +Subject: tty: wipe buffer if not echoing data + +From: Greg Kroah-Hartman + +commit b97b3d9fb57860a60592859e332de7759fd54c2e upstream. + +If we are not echoing the data to userspace or the console is in icanon +mode, then perhaps it is a "secret" so we should wipe it once we are +done with it. + +This mirrors the logic that the audit code has. + +Reported-by: aszlig +Tested-by: Milan Broz +Tested-by: Daniel Zatovic +Tested-by: aszlig +Cc: Willy Tarreau +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/n_tty.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -165,15 +165,29 @@ static inline int tty_put_user(struct tt + return put_user(x, ptr); + } + ++/* If we are not echoing the data, perhaps this is a secret so erase it */ ++static inline void zero_buffer(struct tty_struct *tty, u8 *buffer, int size) ++{ ++ bool icanon = !!L_ICANON(tty); ++ bool no_echo = !L_ECHO(tty); ++ ++ if (icanon && no_echo) ++ memset(buffer, 0x00, size); ++} ++ + static inline int tty_copy_to_user(struct tty_struct *tty, + void __user *to, +- const void *from, ++ void *from, + unsigned long n) + { + struct n_tty_data *ldata = tty->disc_data; ++ int retval; + + tty_audit_add_data(tty, from, n, ldata->icanon); +- return copy_to_user(to, from, n); ++ retval = copy_to_user(to, from, n); ++ if (!retval) ++ zero_buffer(tty, from, n); ++ return retval; + } + + /** +@@ -2005,6 +2019,7 @@ static int copy_from_read_buf(struct tty + is_eof = n == 1 && read_buf(ldata, tail) == EOF_CHAR(tty); + tty_audit_add_data(tty, read_buf_addr(ldata, tail), n, + ldata->icanon); ++ zero_buffer(tty, read_buf_addr(ldata, tail), n); + smp_store_release(&ldata->read_tail, ldata->read_tail + n); + /* Turn single EOF into zero-length read */ + if (L_EXTPROC(tty) && ldata->icanon && is_eof && diff --git a/queue-4.4/tty-wipe-buffer.patch b/queue-4.4/tty-wipe-buffer.patch new file mode 100644 index 00000000000..570e1eb4380 --- /dev/null +++ b/queue-4.4/tty-wipe-buffer.patch @@ -0,0 +1,33 @@ +From c9a8e5fce009e3c601a43c49ea9dbcb25d1ffac5 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Thu, 4 Oct 2018 11:06:13 -0700 +Subject: tty: wipe buffer. + +From: Linus Torvalds + +commit c9a8e5fce009e3c601a43c49ea9dbcb25d1ffac5 upstream. + +After we are done with the tty buffer, zero it out. + +Reported-by: aszlig +Tested-by: Milan Broz +Tested-by: Daniel Zatovic +Tested-by: aszlig +Cc: Willy Tarreau +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/tty_buffer.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/tty/tty_buffer.c ++++ b/drivers/tty/tty_buffer.c +@@ -454,6 +454,8 @@ receive_buf(struct tty_struct *tty, stru + if (count && disc->ops->receive_buf) + disc->ops->receive_buf(tty, p, f, count); + } ++ if (count > 0) ++ memset(p, 0, count); + return count; + } +