[PATCH 22/22] pcmcia: synclink_cs: fix information leak to userland

Dominik Brodowski Thu, 21 Oct 2010 08:47:57 -0700

From: Vasiliy Kulikov <sego...@gmail.com>

Structure new_line is copied to userland with some padding fields unitialized.
It leads to leaking of stack memory.


Signed-off-by: Vasiliy Kulikov <sego...@gmail.com>
CC: sta...@kernel.org
Signed-off-by: Dominik Brodowski <li...@dominikbrodowski.net>
---
 drivers/char/pcmcia/synclink_cs.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/char/pcmcia/synclink_cs.c 
b/drivers/char/pcmcia/synclink_cs.c
index d97a53c..be18100 100644
--- a/drivers/char/pcmcia/synclink_cs.c
+++ b/drivers/char/pcmcia/synclink_cs.c
@@ -4097,6 +4097,8 @@ static int hdlcdev_ioctl(struct net_device *dev, struct 
ifreq *ifr, int cmd)
        if (cmd != SIOCWANDEV)
                return hdlc_ioctl(dev, ifr, cmd);
 
+       memset(&new_line, 0, size);
+
        switch(ifr->ifr_settings.type) {
        case IF_GET_IFACE: /* return current sync_serial_settings */
 
-- 
1.7.0.4


_______________________________________________
Linux PCMCIA reimplementation list
http://lists.infradead.org/mailman/listinfo/linux-pcmcia

[PATCH 22/22] pcmcia: synclink_cs: fix information leak to userland

Reply via email to