From patchwork Fri Dec 13 07:46:07 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Salva_Peir=C3=B3?= X-Patchwork-Id: 300932 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id CEF502C00A0 for ; Fri, 13 Dec 2013 19:06:59 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752026Ab3LMIGe (ORCPT ); Fri, 13 Dec 2013 03:06:34 -0500 Received: from smtpsalv.cc.upv.es ([158.42.249.11]:60669 "EHLO smtpsalv.upv.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751461Ab3LMIGc (ORCPT ); Fri, 13 Dec 2013 03:06:32 -0500 X-Greylist: delayed 1205 seconds by postgrey-1.27 at vger.kernel.org; Fri, 13 Dec 2013 03:06:32 EST Received: from smtpx.upv.es (smtpxv.cc.upv.es [158.42.249.46]) by smtpsalv.upv.es (8.14.4/8.14.4) with ESMTP id rBD7kHAM002683 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 13 Dec 2013 08:46:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=upv.es; s=default; t=1386920778; bh=y46pUH9gy4ZYnUe3IA1S1HtHGXA/aZrGSq2G1vjbyTY=; h=From:To:Cc:Subject:Date; b=l68rCcAl3/FTMRuTovSv7yxHh1Hi4Sz+BTOv5xwYeZDyKmqL84w+i9LyI05X9nctN vQIQePLF68ZcZWiZ5M88c53Skq0NqPC0TNeWONOgxUCnF9THPPfkqbRTJSk6pNSkmW 07XmBO+BppkBin+suJSnztLUQ1HH1TmMEMAOBpjZPMPcKuc1V1Iwa4PWrWaExUSTmU HbWG6V4FLWWY0TjotN9YiCkTlGYJIJuh5ZH1UPlxKPDqTjG/7qRtYq4OsAPOCawu7C El9HSzkqN633qPnDakTXKL09hb6Nc3kiuqZ+kuO5SrdB6B/Pz8tAN/QCiVgsTS5XXg VAiDUSx7UzdyA== Received: from smtp.upv.es (celaeno.cc.upv.es [158.42.249.55]) by smtpx.upv.es (8.14.3/8.14.3) with ESMTP id rBD7kHSk025951; Fri, 13 Dec 2013 08:46:17 +0100 Received: from crespins.upv.es (crespins.disca.upv.es [158.42.54.58]) (authenticated bits=0) by smtp.upv.es (8.13.6/8.13.6) with ESMTP id rBD7kFtt013043 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 13 Dec 2013 08:46:15 +0100 From: =?UTF-8?q?Salva=20Peir=C3=B3?= To: linux-kernel@vger.kernel.org Cc: , , , Jean-Paul Roubelat , =?UTF-8?q?Salva=20Peir=C3=B3?= , Subject: =?UTF-8?q?=5BPATCH=5D=20hamradio/yam=3A=20fix=20info=20leak=20in=20ioctl?= Date: Fri, 13 Dec 2013 08:46:07 +0100 Message-Id: <1386920767-27962-1-git-send-email-speiro@ai2.upv.es> X-Mailer: git-send-email 1.7.10.4 MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg. Add an explicit memset(0) before filling the structure to avoid the 4-byte info leak. Signed-off-by: Salva Peiró CC: --- drivers/net/hamradio/yam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/hamradio/yam.c b/drivers/net/hamradio/yam.c index 1971411..bb02c8a 100644 --- a/drivers/net/hamradio/yam.c +++ b/drivers/net/hamradio/yam.c @@ -953,6 +953,7 @@ static int yam_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) struct yamdrv_ioctl_mcs *ym; int ioctl_cmd; + memset(&yi, 0, sizeof(yi)); if (copy_from_user(&ioctl_cmd, ifr->ifr_data, sizeof(int))) return -EFAULT;