[patch] [media] bt8xx: info leak in ca_get_slot_info()
p_ca_slot_info was allocated with kmalloc() so we need to clear it
before passing it to the user.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c
index 0e788fc..6b9dc3f 100644
--- a/drivers/media/pci/bt8xx/dst_ca.c
+++ b/drivers/media/pci/bt8xx/dst_ca.c
@@ -302,8 +302,11 @@ static int ca_get_slot_info(struct dst_state *state,
struct ca_slot_info *p_ca_s
p_ca_slot_info-flags = CA_CI_MODULE_READY;
p_ca_slot_info-num = 1;
p_ca_slot_info-type = CA_CI;
- } else
+ } else {
p_ca_slot_info-flags = 0;
+ p_ca_slot_info-num = 0;
+ p_ca_slot_info-type = 0;
+ }
if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
return -EFAULT;
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch] [media] bt8xx: info leak in ca_get_slot_info()
Am 25.07.2013 18:46, schrieb Dan Carpenter:
p_ca_slot_info was allocated with kmalloc() so we need to clear it
before passing it to the user.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/media/pci/bt8xx/dst_ca.c
b/drivers/media/pci/bt8xx/dst_ca.c
index 0e788fc..6b9dc3f 100644
--- a/drivers/media/pci/bt8xx/dst_ca.c
+++ b/drivers/media/pci/bt8xx/dst_ca.c
@@ -302,8 +302,11 @@ static int ca_get_slot_info(struct dst_state *state,
struct ca_slot_info *p_ca_s
p_ca_slot_info-flags = CA_CI_MODULE_READY;
p_ca_slot_info-num = 1;
p_ca_slot_info-type = CA_CI;
- } else
+ } else {
p_ca_slot_info-flags = 0;
+ p_ca_slot_info-num = 0;
+ p_ca_slot_info-type = 0;
+ }
if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
return -EFAULT;
note: i have no clue how p_ca_slot_info looks like,
but to avoid information leaks via compiler padding etc. i could be more wise
to do a memset(p_ca_slot_info,0,sizeof (struct ca_slot_info))
and then set the
p_ca_slot_info-flags = CA_CI_MODULE_READY;
p_ca_slot_info-num = 1;
p_ca_slot_info-type = CA_CI;
just my 2 cents,
re,
wh
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch] [media] bt8xx: info leak in ca_get_slot_info()
On Thu, Jul 25, 2013 at 07:29:09PM +0200, walter harms wrote:
Am 25.07.2013 18:46, schrieb Dan Carpenter:
p_ca_slot_info was allocated with kmalloc() so we need to clear it
before passing it to the user.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/media/pci/bt8xx/dst_ca.c
b/drivers/media/pci/bt8xx/dst_ca.c
index 0e788fc..6b9dc3f 100644
--- a/drivers/media/pci/bt8xx/dst_ca.c
+++ b/drivers/media/pci/bt8xx/dst_ca.c
@@ -302,8 +302,11 @@ static int ca_get_slot_info(struct dst_state *state,
struct ca_slot_info *p_ca_s
p_ca_slot_info-flags = CA_CI_MODULE_READY;
p_ca_slot_info-num = 1;
p_ca_slot_info-type = CA_CI;
- } else
+ } else {
p_ca_slot_info-flags = 0;
+ p_ca_slot_info-num = 0;
+ p_ca_slot_info-type = 0;
+ }
if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
return -EFAULT;
note: i have no clue how p_ca_slot_info looks like,
but to avoid information leaks via compiler padding etc. i could be more wise
to do a memset(p_ca_slot_info,0,sizeof (struct ca_slot_info))
and then set the
There is no compiler padding. My static checker looks for that.
regards,
dan carpenter
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
