[linux-usb-devel] Re: [PATCH] USB fixes for 2.6.0-test8

Sat, 25 Oct 2003 12:49:25 -0700 

ChangeSet 1.1337.38.2, 2003/10/23 16:58:45-07:00, [EMAIL PROTECTED]

[PATCH] leaking info on drivers/usb

I'm doing an audit wrt copy_to_user leaking info to userspace, started
with drivers/usb, please apply.


 drivers/usb/class/audio.c        |    4 ++++
 drivers/usb/media/vicam.c        |    1 +
 drivers/usb/misc/brlvger.c       |    1 +
 drivers/usb/serial/io_edgeport.c |    1 +
 4 files changed, 7 insertions(+)


diff -Nru a/drivers/usb/class/audio.c b/drivers/usb/class/audio.c
--- a/drivers/usb/class/audio.c Thu Oct 23 23:04:43 2003
+++ b/drivers/usb/class/audio.c Thu Oct 23 23:04:43 2003
@@ -2007,6 +2007,8 @@
   
        if (cmd == SOUND_MIXER_INFO) {
                mixer_info info;
+
+               memset(&info, 0, sizeof(info));
                strncpy(info.id, "USB_AUDIO", sizeof(info.id));
                strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
                info.modify_counter = ms->modcnt;
@@ -2016,6 +2018,8 @@
        }
        if (cmd == SOUND_OLD_MIXER_INFO) {
                _old_mixer_info info;
+
+               memset(&info, 0, sizeof(info));
                strncpy(info.id, "USB_AUDIO", sizeof(info.id));
                strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
                if (copy_to_user((void __user *)arg, &info, sizeof(info)))
diff -Nru a/drivers/usb/media/vicam.c b/drivers/usb/media/vicam.c
--- a/drivers/usb/media/vicam.c Thu Oct 23 23:04:43 2003
+++ b/drivers/usb/media/vicam.c Thu Oct 23 23:04:43 2003
@@ -539,6 +539,7 @@
                        struct video_capability b;
 
                        DBG("VIDIOCGCAP\n");
+                       memset(&b, 0, sizeof(b));
                        strcpy(b.name, "ViCam-based Camera");
                        b.type = VID_TYPE_CAPTURE;
                        b.channels = 1;
diff -Nru a/drivers/usb/misc/brlvger.c b/drivers/usb/misc/brlvger.c
--- a/drivers/usb/misc/brlvger.c        Thu Oct 23 23:04:43 2003
+++ b/drivers/usb/misc/brlvger.c        Thu Oct 23 23:04:43 2003
@@ -711,6 +711,7 @@
        case BRLVGER_GET_INFO: {
                struct brlvger_info vi;
 
+               memset(&vi, 0, sizeof(vi));
                strlcpy(vi.driver_version, DRIVER_VERSION,
                        sizeof(vi.driver_version));
                strlcpy(vi.driver_banner, longbanner,
diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
--- a/drivers/usb/serial/io_edgeport.c  Thu Oct 23 23:04:43 2003
+++ b/drivers/usb/serial/io_edgeport.c  Thu Oct 23 23:04:43 2003
@@ -1906,6 +1906,7 @@
 
                case TIOCGICOUNT:
                        cnow = edge_port->icount;
+                       memset(&icount, 0, sizeof(icount));
                        icount.cts = cnow.cts;
                        icount.dsr = cnow.dsr;
                        icount.rng = cnow.rng;



-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel

Reply via email to