shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-10 12:57:06 +09:00
Code Issues Packages Projects Releases Wiki Activity

drivers/net/usb/hso.c: prevent reading uninitialized memory

Browse Source 
commit 7011e66093 upstream.

Fixed formatting (tabs and line breaks).

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack in hso_get_count()
is not altered or zeroed before being copied back to the user.  This
patch takes care of it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Dan Rosenberg
2010-09-15 11:43:28 +00:00
committed by Greg Kroah-Hartman
parent 710acfd8d1
commit adf62df378
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/usb/hso.c
View File

@@ -1634,6 +1634,8 @@ static int hso_get_count(struct hso_serial *serial,
struct uart_icount cnow;
struct hso_tiocmget *tiocmget = serial->tiocmget;
memset(&icount, 0, sizeof(struct serial_icounter_struct));
if (!tiocmget)
return -ENOENT;
spin_lock_irq(&serial->serial_lock);