[PATCH 3.8 35/91] wanxl: fix info leak in ioctl
Kamal Mostafa
kamal at canonical.com
Fri Nov 8 02:14:50 UTC 2013
3.8.13.13 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speiro at ai2.upv.es>
[ Upstream commit 2b13d06c9584b4eb773f1e80bbaedab9a1c344e1 ]
The wanxl_ioctl() code fails to initialize the two padding bytes of
struct sync_serial_settings after the ->loopback member. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Salva Peiró <speiro at ai2.upv.es>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
drivers/net/wan/wanxl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c
index 6a24a5a..4c0a697 100644
--- a/drivers/net/wan/wanxl.c
+++ b/drivers/net/wan/wanxl.c
@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
ifr->ifr_settings.size = size; /* data size wanted */
return -ENOBUFS;
}
+ memset(&line, 0, sizeof(line));
line.clock_type = get_status(port)->clocking;
line.clock_rate = 0;
line.loopback = 0;
--
1.8.1.2
More information about the kernel-team
mailing list