drivers/char/applicom.c: fix information leak to userland
Vasiliy Kulikov [Wed, 27 Oct 2010 22:34:21 +0000 (15:34 -0700)]
Structure st_loc is copied to userland with some fields unitialized.  It
leads to leaking of stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

drivers/char/applicom.c

index e7ba774..25373df 100644 (file)
@@ -566,6 +566,7 @@ static ssize_t ac_read (struct file *filp, char __user *buf, size_t count, loff_
                                struct mailbox mailbox;
 
                                /* Got a packet for us */
+                               memset(&st_loc, 0, sizeof(st_loc));
                                ret = do_ac_read(i, buf, &st_loc, &mailbox);
                                spin_unlock_irqrestore(&apbs[i].mutex, flags);
                                set_current_state(TASK_RUNNING);