[patch] Staging: sb105x: info leak in mp_get_count()
Josh Triplett
josh at joshtriplett.org
Sun Nov 3 18:28:02 UTC 2013
On Tue, Oct 29, 2013 at 11:01:43PM +0300, Dan Carpenter wrote:
> The icount.reserved[] array isn't initialized so it leaks stack
> information to userspace.
>
> Reported-by: Nico Golde <nico at ngolde.de>
> Reported-by: Fabian Yamaguchi <fabs at goesec.de>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Reviewed-by: Josh Triplett <josh at joshtriplett.org>
Also, you don't quite have the patch format right here; you should have
a --- line after the commit mesage, followed by a diffstat. Did you use
git format-patch to generate this patch?
> diff --git a/drivers/staging/sb105x/sb_pci_mp.c b/drivers/staging/sb105x/sb_pci_mp.c
> index bc53b4e..bde28b9 100644
> --- a/drivers/staging/sb105x/sb_pci_mp.c
> +++ b/drivers/staging/sb105x/sb_pci_mp.c
> @@ -1063,7 +1063,7 @@ static int mp_wait_modem_status(struct sb_uart_state *state, unsigned long arg)
>
> static int mp_get_count(struct sb_uart_state *state, struct serial_icounter_struct *icnt)
> {
> - struct serial_icounter_struct icount;
> + struct serial_icounter_struct icount = {};
> struct sb_uart_icount cnow;
> struct sb_uart_port *port = state->port;
>
More information about the devel
mailing list