eql.c: prevent reading uninitialized stack memory

Paul Gortmaker Sat, 01 Jan 2011 23:27:37 -0800

From: Dan Rosenberg <[email protected]>

commit 44467187dc22fdd33a1a06ea0ba86ce20be3fe3c upstream.


Fixed formatting (tabs and line breaks).

The EQL_GETMASTRCFG device ioctl allows unprivileged users to read 16
bytes of uninitialized stack memory, because the "master_name" member of
the master_config_t struct declared on the stack in eql_g_master_cfg()
is not altered or zeroed before being copied back to the user.  This
patch takes care of it.

Signed-off-by: Dan Rosenberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
---
 drivers/net/eql.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/net/eql.c b/drivers/net/eql.c
index b34a2dd..a8b982d 100644
--- a/drivers/net/eql.c
+++ b/drivers/net/eql.c
@@ -555,6 +555,8 @@ static int eql_g_master_cfg(struct net_device *dev, 
master_config_t __user *mcp)
        equalizer_t *eql;
        master_config_t mc;
 
+       memset(&mc, 0, sizeof(master_config_t));
+
        if (eql_is_master(dev)) {
                eql = netdev_priv(dev);
                mc.max_slaves = eql->max_slaves;
-- 
1.7.3.3

_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable

[stable] [34-longterm 124/260] drivers/net/eql.c: prevent reading uninitialized stack memory

Reply via email to