[patch] Staging: bcm: info leak in ioctl

Dan Carpenter Tue, 29 Oct 2013 13:04:57 -0700

The DevInfo.u32Reserved[] array isn't initialized so it leaks kernel
information to user space.


Reported-by: Nico Golde <n...@ngolde.de>
Reported-by: Fabian Yamaguchi <f...@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>

diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c
index f91bc1f..639ba96 100644
--- a/drivers/staging/bcm/Bcmchar.c
+++ b/drivers/staging/bcm/Bcmchar.c
@@ -1960,6 +1960,7 @@ cntrlEnd:
 
                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, 
DBG_LVL_ALL, "Called IOCTL_BCM_GET_DEVICE_DRIVER_INFO\n");
 
+               memset(&DevInfo, 0, sizeof(DevInfo));
                DevInfo.MaxRDMBufferSize = BUFFER_4K;
                DevInfo.u32DSDStartOffset = EEPROM_CALPARAM_START;
                DevInfo.u32RxAlignmentCorrection = 0;
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

[patch] Staging: bcm: info leak in ioctl

Reply via email to