[Lucid][CVE-2014-1444] farsync: fix info leak in ioctl
Luis Henriques
luis.henriques at canonical.com
Tue Jan 28 13:21:15 UTC 2014
From: Salva Peiró <speiro at ai2.upv.es>
CVE-2014-1444
BugLink: http://bugs.launchpad.net/bugs/1271442
The fst_get_iface() code fails to initialize the two padding bytes of
struct sync_serial_settings after the ->loopback member. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 96b340406724d87e4621284ebac5e059d67b2194)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/net/wan/farsync.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c
index beda387..433bf99 100644
--- a/drivers/net/wan/farsync.c
+++ b/drivers/net/wan/farsync.c
@@ -1971,6 +1971,7 @@ fst_get_iface(struct fst_card_info *card, struct fst_port_info *port,
}
i = port->index;
+ memset(&sync, 0, sizeof(sync));
sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed);
/* Lucky card and linux use same encoding here */
sync.clock_type = FST_RDB(card, portConfig[i].internalClock) ==
--
1.8.3.2
More information about the kernel-team
mailing list