[PATCH 3.8 88/91] Staging: sb105x: info leak in mp_get_count()
Kamal Mostafa
kamal at canonical.com
Fri Nov 8 02:15:43 UTC 2013
3.8.13.13 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter at oracle.com>
commit a8b33654b1e3b0c74d4a1fed041c9aae50b3c427 upstream.
The icount.reserved[] array isn't initialized so it leaks stack
information to userspace.
Reported-by: Nico Golde <nico at ngolde.de>
Reported-by: Fabian Yamaguchi <fabs at goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
drivers/staging/sb105x/sb_pci_mp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/sb105x/sb_pci_mp.c b/drivers/staging/sb105x/sb_pci_mp.c
index 9464f38..0f5e262 100644
--- a/drivers/staging/sb105x/sb_pci_mp.c
+++ b/drivers/staging/sb105x/sb_pci_mp.c
@@ -1063,7 +1063,7 @@ static int mp_wait_modem_status(struct sb_uart_state *state, unsigned long arg)
static int mp_get_count(struct sb_uart_state *state, struct serial_icounter_struct *icnt)
{
- struct serial_icounter_struct icount;
+ struct serial_icounter_struct icount = {};
struct sb_uart_icount cnow;
struct sb_uart_port *port = state->port;
--
1.8.1.2
More information about the kernel-team
mailing list