staging: dgrp: info leak in dgrp_dpa_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Sun, 21 Apr 2013 11:08:31 +0000 (14:08 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Apr 2013 17:25:46 +0000 (10:25 -0700)
If "nd->nd_vpd_len" is less than 512 then the last part of the
"vpd.vpd_data" has uninitialized stack information.  We need to clear it
before copying the buffer to user space.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/dgrp/dgrp_dpa_ops.c

index 67fb3d6..ca10a33 100644 (file)
@@ -432,6 +432,7 @@ static long dgrp_dpa_ioctl(struct file *file, unsigned int cmd,
 
 
        case DIGI_GETVPD:
+               memset(&vpd, 0, sizeof(vpd));
                if (nd->nd_vpd_len > 0) {
                        vpd.vpd_len = nd->nd_vpd_len;
                        memcpy(&vpd.vpd_data, &nd->nd_vpd, nd->nd_vpd_len);