From: Vasiliy Kulikov <[email protected]> commit 5b917a1420d3d1a9c8da49fb0090692dc9aaee86 upstream.
Structure new_line is copied to userland with some padding fields unitialized. It leads to leaking of stack memory. Signed-off-by: Vasiliy Kulikov <[email protected]> Signed-off-by: Dominik Brodowski <[email protected]> Signed-off-by: Paul Gortmaker <[email protected]> --- drivers/char/pcmcia/synclink_cs.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c index c31a0d9..1165503 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c @@ -4144,6 +4144,8 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) if (cmd != SIOCWANDEV) return hdlc_ioctl(dev, ifr, cmd); + memset(&new_line, 0, size); + switch(ifr->ifr_settings.type) { case IF_GET_IFACE: /* return current sync_serial_settings */ -- 1.7.3.3 _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
