[Lucid][CVE-2014-1445] wanxl: fix info leak in ioctl
Luis Henriques
luis.henriques at canonical.com
Tue Jan 28 13:21:16 UTC 2014
From: Salva Peiró <speiro at ai2.upv.es>
CVE-2014-1445
BugLink: http://bugs.launchpad.net/bugs/1271444
The wanxl_ioctl() code fails to initialize the two padding bytes of
struct sync_serial_settings after the ->loopback member. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Salva Peiró <speiro at ai2.upv.es>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 2b13d06c9584b4eb773f1e80bbaedab9a1c344e1)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/net/wan/wanxl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c
index daee8a0..b52b378 100644
--- a/drivers/net/wan/wanxl.c
+++ b/drivers/net/wan/wanxl.c
@@ -354,6 +354,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
ifr->ifr_settings.size = size; /* data size wanted */
return -ENOBUFS;
}
+ memset(&line, 0, sizeof(line));
line.clock_type = get_status(port)->clocking;
line.clock_rate = 0;
line.loopback = 0;
--
1.8.3.2
More information about the kernel-team
mailing list