[patch] Staging: sb105x: info leak in mp_get_count()

Dan Carpenter dan.carpenter at oracle.com
Tue Oct 29 20:01:43 UTC 2013


The icount.reserved[] array isn't initialized so it leaks stack
information to userspace.

Reported-by: Nico Golde <nico at ngolde.de>
Reported-by: Fabian Yamaguchi <fabs at goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>

diff --git a/drivers/staging/sb105x/sb_pci_mp.c b/drivers/staging/sb105x/sb_pci_mp.c
index bc53b4e..bde28b9 100644
--- a/drivers/staging/sb105x/sb_pci_mp.c
+++ b/drivers/staging/sb105x/sb_pci_mp.c
@@ -1063,7 +1063,7 @@ static int mp_wait_modem_status(struct sb_uart_state *state, unsigned long arg)
 
 static int mp_get_count(struct sb_uart_state *state, struct serial_icounter_struct *icnt)
 {
-	struct serial_icounter_struct icount;
+	struct serial_icounter_struct icount = {};
 	struct sb_uart_icount cnow;
 	struct sb_uart_port *port = state->port;
 
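Review bot: The "= {}" initializer on the icount declaration is only guaranteed to zero the struct's members, reserved[] included, not any padding bytes between or after them. Since the commit message says this struct's contents reach userspace, consider an explicit memset(&icount, 0, sizeof(icount)) before the fields are filled in, which clears every byte regardless of layout. Alternatively, state in the commit message that the struct has no padding, so the initializer's coverage is on record. The message would also be easier to audit if it named the call that copies icount out to userspace, since that call lies outside the context lines shown here.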

