USB: usbfs: fix potential infoleak in devio
commit 681fef8380eb818c0b845fca5d2ab1dcbab114ee upstream. The stack object “ci” has a total size of 8 bytes. Its last 3 bytes are padding bytes which are not initialized and leaked to userland via “copy_to_user”. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Chas Williams <ciwillia@brocade.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
97917f4521
commit
4077ef4797
1 changed files with 5 additions and 4 deletions
|
@ -1203,10 +1203,11 @@ static int proc_getdriver(struct usb_dev_state *ps, void __user *arg)
|
|||
|
||||
static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
|
||||
{
|
||||
struct usbdevfs_connectinfo ci = {
|
||||
.devnum = ps->dev->devnum,
|
||||
.slow = ps->dev->speed == USB_SPEED_LOW
|
||||
};
|
||||
struct usbdevfs_connectinfo ci;
|
||||
|
||||
memset(&ci, 0, sizeof(ci));
|
||||
ci.devnum = ps->dev->devnum;
|
||||
ci.slow = ps->dev->speed == USB_SPEED_LOW;
|
||||
|
||||
if (copy_to_user(arg, &ci, sizeof(ci)))
|
||||
return -EFAULT;
|
||||
|
|
Loading…
Add table
Reference in a new issue