* [PATCH] drivers/net/usb/hso.c: prevent reading uninitialized memory
@ 2010-09-11 23:46 Dan Rosenberg
2010-09-14 3:11 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Dan Rosenberg @ 2010-09-11 23:46 UTC (permalink / raw)
To: j.dumon; +Cc: linux-kernel, security
The TIOCGICOUNT device ioctl allows unprivileged users to read 9 bytes
of uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack in hso_get_count()
is not altered or zeroed before being copied back to the user. This
patch takes care of it.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
--- linux-2.6.35.4.orig/drivers/net/usb/hso.c 2010-09-11
19:12:00.000000000 -0400
+++ linux-2.6.35.4/drivers/net/usb/hso.c 2010-09-11 19:15:23.000000000 -0400
@@ -1653,6 +1653,8 @@ static int hso_get_count(struct hso_seri
struct uart_icount cnow;
struct hso_tiocmget *tiocmget = serial->tiocmget;
+ memset(&icount, 0, sizeof(struct serial_icounter_struct));
+
if (!tiocmget)
return -ENOENT;
spin_lock_irq(&serial->serial_lock);
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] drivers/net/usb/hso.c: prevent reading uninitialized memory
2010-09-11 23:46 [PATCH] drivers/net/usb/hso.c: prevent reading uninitialized memory Dan Rosenberg
@ 2010-09-14 3:11 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2010-09-14 3:11 UTC (permalink / raw)
To: dan.j.rosenberg; +Cc: j.dumon, linux-kernel, security
From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Date: Sat, 11 Sep 2010 19:46:35 -0400
> --- linux-2.6.35.4.orig/drivers/net/usb/hso.c 2010-09-11
> 19:12:00.000000000 -0400
> +++ linux-2.6.35.4/drivers/net/usb/hso.c 2010-09-11 19:15:23.000000000 -0400
> @@ -1653,6 +1653,8 @@ static int hso_get_count(struct hso_seri
All of your patches were corrupted by your email client, long lines were
broken up, and tabs were converted into spaces.
This makes your patches unusable.
Also, all networking patches should be submitted with netdev@vger.kernel.org
in the CC: list.
Please correct these issues and resubmit your patches, thank you.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-09-14 3:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-09-11 23:46 [PATCH] drivers/net/usb/hso.c: prevent reading uninitialized memory Dan Rosenberg
2010-09-14 3:11 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.