On 3/31/2019 11:02 AM, Fuqian Huang wrote:
If the cmd is RCPK_GET_STRUCT, copy_to_user will copy
info to user space. As info->port.ops is the address of
a constant object rocket_port_ops (assigned in init_r_port),
a kernel address leakage happens.
This patch sets all the pointer fields to NULL before copying the
object to user space to avoid