* [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory
@ 2010-09-15 21:44 Dan Rosenberg
From: Dan Rosenberg @ 2010-09-15 21:44 UTC
  To: linux-kernel; +Cc: security, stable

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.  This patch takes care of
it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>

--- linux-2.6.35.4.orig/drivers/char/amiserial.c	2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.4/drivers/char/amiserial.c	2010-09-15 13:58:00.217343289 -0400
@@ -1342,6 +1342,9 @@ static int rs_ioctl(struct tty_struct *t
 			local_irq_save(flags);
 			cnow = info->state->icount;
 			local_irq_restore(flags);
+
+			memset(&icount, 0, sizeof(struct serial_icounter_struct));
+
 			icount.cts = cnow.cts;
 			icount.dsr = cnow.dsr;
 			icount.rng = cnow.rng;
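
Review bot: On the added memset line, the length is written as sizeof(struct serial_icounter_struct) instead of sizeof(icount); sizing by the variable keeps the clear tied to the object itself if its declaration ever changes, so I would suggest memset(&icount, 0, sizeof(icount)). The placement is right: clearing the whole struct before the icount.cts, icount.dsr and icount.rng assignments zeroes the "reserved" member and any padding, which the per-field assignments that follow would never touch.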
