evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

scsi: ufs: fix a possible kernel info leak to userspace

Browse source 
This change fixes a possible info leak from kernel into userspace, since
two buffers were allocated with kmalloc() and never set their memory
region to 0.
Now, they are being allocated with kzalloc that fixes this issue

Change-Id: I23012ae8d3611c561511775362c3014b9a8be522
Signed-off-by: Yaniv Gardi <ygardi@codeaurora.org>
This commit is contained in:
Yaniv Gardi 2014-08-01 00:54:26 +03:00 committed by David Keitel
parent 3281c7b77e
commit 6b3f3f257a
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
drivers/scsi/ufs/ufshcd.c
View file

@ -5014,7 +5014,7 @@ static int ufshcd_query_ioctl(struct ufs_hba *hba, u8 lun, void __user *buffer)
u8 index;
u8 *desc = NULL;
ioctl_data = kmalloc(sizeof(struct ufs_ioctl_query_data), GFP_KERNEL);
ioctl_data = kzalloc(sizeof(struct ufs_ioctl_query_data), GFP_KERNEL);
if (!ioctl_data) {
dev_err(hba->dev, "%s: Failed allocating %zu bytes\n", __func__,
sizeof(struct ufs_ioctl_query_data));
@ -5058,7 +5058,7 @@ static int ufshcd_query_ioctl(struct ufs_hba *hba, u8 lun, void __user *buffer)
}
length = min_t(int, QUERY_DESC_MAX_SIZE,
ioctl_data->buf_size);
desc = kmalloc(length, GFP_KERNEL);
desc = kzalloc(length, GFP_KERNEL);
if (!desc) {
dev_err(hba->dev, "%s: Failed allocating %d bytes\n",
__func__, length);