aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/char
diff options
context:
space:
mode:
authorVasiliy Kulikov <segooon@gmail.com>2010-10-27 15:34:21 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2010-10-27 18:03:14 -0700
commit19714a8af8fe8618a9beace1f7a3bb10d55d5e2f (patch)
treecdeb07d5d1c2038d1f2251e8455075ccdfa4903e /drivers/char
parentffd7d6baa65e6161cfd996a59d55c48571c2a5f3 (diff)
downloadkernel_samsung_crespo-19714a8af8fe8618a9beace1f7a3bb10d55d5e2f.zip
kernel_samsung_crespo-19714a8af8fe8618a9beace1f7a3bb10d55d5e2f.tar.gz
kernel_samsung_crespo-19714a8af8fe8618a9beace1f7a3bb10d55d5e2f.tar.bz2
drivers/char/applicom.c: fix information leak to userland
Structure st_loc is copied to userland with some fields unitialized. It leads to leaking of stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/char')
-rw-r--r--drivers/char/applicom.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c
index e7ba774..25373df 100644
--- a/drivers/char/applicom.c
+++ b/drivers/char/applicom.c
@@ -566,6 +566,7 @@ static ssize_t ac_read (struct file *filp, char __user *buf, size_t count, loff_
struct mailbox mailbox;
/* Got a packet for us */
+ memset(&st_loc, 0, sizeof(st_loc));
ret = do_ac_read(i, buf, &st_loc, &mailbox);
spin_unlock_irqrestore(&apbs[i].mutex, flags);
set_current_state(TASK_RUNNING);