[patch] IB/hfi1: info leak in get_ctxt_info()

Julia Lawall julia.lawall at lip6.fr
Wed Sep 16 06:25:00 UTC 2015


On Wed, 16 Sep 2015, Dan Carpenter wrote:

> The cinfo struct has a hole after the last struct member so we need to
> zero it out.  Otherwise we don't disclose some uninitialized stack data.

I think the "don't" wasn't intended in the second sentence?

julia

> 
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> 
> diff --git a/drivers/staging/rdma/hfi1/file_ops.c b/drivers/staging/rdma/hfi1/file_ops.c
> index 4698617..2c43ca5 100644
> --- a/drivers/staging/rdma/hfi1/file_ops.c
> +++ b/drivers/staging/rdma/hfi1/file_ops.c
> @@ -1181,6 +1181,7 @@ static int get_ctxt_info(struct file *fp, void __user *ubase, __u32 len)
>  	struct hfi1_filedata *fd = fp->private_data;
>  	int ret = 0;
>  
> +	memset(&cinfo, 0, sizeof(cinfo));
>  	ret = hfi1_get_base_kinfo(uctxt, &cinfo);
>  	if (ret < 0)
>  		goto done;
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 


More information about the devel mailing list