diff options
author | Vasiliy Kulikov <segooon@gmail.com> | 2010-10-28 00:34:21 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-28 03:03:14 +0200 |
commit | 19714a8af8fe8618a9beace1f7a3bb10d55d5e2f (patch) | |
tree | cdeb07d5d1c2038d1f2251e8455075ccdfa4903e /drivers | |
parent | synclink_gt: fix per device locking (diff) | |
download | linux-19714a8af8fe8618a9beace1f7a3bb10d55d5e2f.tar.xz linux-19714a8af8fe8618a9beace1f7a3bb10d55d5e2f.zip |
drivers/char/applicom.c: fix information leak to userland
Structure st_loc is copied to userland with some fields unitialized. It
leads to leaking of stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to '')
-rw-r--r-- | drivers/char/applicom.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c index e7ba774beda6..25373df1dcf8 100644 --- a/drivers/char/applicom.c +++ b/drivers/char/applicom.c @@ -566,6 +566,7 @@ static ssize_t ac_read (struct file *filp, char __user *buf, size_t count, loff_ struct mailbox mailbox; /* Got a packet for us */ + memset(&st_loc, 0, sizeof(st_loc)); ret = do_ac_read(i, buf, &st_loc, &mailbox); spin_unlock_irqrestore(&apbs[i].mutex, flags); set_current_state(TASK_RUNNING); |