[Lucid][CVE-2014-1446] hamradio/yam: fix info leak in ioctl
Luis Henriques
luis.henriques at canonical.com
Tue Jan 28 13:21:17 UTC 2014
From: Salva Peiró <speiro at ai2.upv.es>
CVE-2014-1446
BugLink: http://bugs.launchpad.net/bugs/1271445
The yam_ioctl() code fails to initialise the cmd field
of the struct yamdrv_ioctl_cfg. Add an explicit memset(0)
before filling the structure to avoid the 4-byte info leak.
Signed-off-by: Salva Peiró <speiro at ai2.upv.es>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 8e3fbf870481eb53b2d3a322d1fc395ad8b367ed)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/net/hamradio/yam.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/hamradio/yam.c b/drivers/net/hamradio/yam.c
index 694132e..1a1002d 100644
--- a/drivers/net/hamradio/yam.c
+++ b/drivers/net/hamradio/yam.c
@@ -1060,6 +1060,7 @@ static int yam_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
break;
case SIOCYAMGCFG:
+ memset(&yi, 0, sizeof(yi));
yi.cfg.mask = 0xffffffff;
yi.cfg.iobase = yp->iobase;
yi.cfg.irq = yp->irq;
--
1.8.3.2
More information about the kernel-team
mailing list