summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorVasiliy Kulikov <segooon@gmail.com>2010-11-06 15:41:24 +0100
committerDavid Woodhouse <David.Woodhouse@intel.com>2010-12-03 17:29:12 +0100
commita0c5a3944ce121bb2417c771f77b18485cd84e18 (patch)
tree877da9f538e5e53476f22f9d90212116abff8356 /drivers
parentmtd: onenand: implement cache program feature for 4KiB page onenand (diff)
downloadlinux-a0c5a3944ce121bb2417c771f77b18485cd84e18.tar.xz
linux-a0c5a3944ce121bb2417c771f77b18485cd84e18.zip
mtd: mtdchar: fix information leak to userland
Structure mtd_info_user is copied to userland with padding byted between "type" and "flags" fields uninitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/mtd/mtdchar.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index 4759d827e8c7..cad8fcc7b239 100644
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -601,6 +601,7 @@ static int mtd_ioctl(struct file *file, u_int cmd, u_long arg)
}
case MEMGETINFO:
+ memset(&info, 0, sizeof(info));
info.type = mtd->type;
info.flags = mtd->flags;
info.size = mtd->size;
@@ -609,7 +610,6 @@ static int mtd_ioctl(struct file *file, u_int cmd, u_long arg)
info.oobsize = mtd->oobsize;
/* The below fields are obsolete */
info.ecctype = -1;
- info.eccsize = 0;
if (copy_to_user(argp, &info, sizeof(struct mtd_info_user)))
return -EFAULT;
break;