[patch] Staging: vt6655-6: potential info leak in private_ioctl()

* [patch] Staging: vt6655-6: potential info leak in private_ioctl()
@ 2011-09-23  6:23 Dan Carpenter
  0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2011-09-23  6:23 UTC (permalink / raw)
  To: kernel-janitors

Smatch has a new check for Rosenberg type information leaks where
structs are copied to the user with uninitialized stack data in them.

In this path, the .uLinkRate member doesn't get initialized so I've
set it to zero.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/staging/vt6655/ioctl.c b/drivers/staging/vt6655/ioctl.c
index 8cf88c3..43964a5 100644
--- a/drivers/staging/vt6655/ioctl.c
+++ b/drivers/staging/vt6655/ioctl.c
@@ -296,6 +296,7 @@ int private_ioctl(PSDevice pDevice, struct ifreq *rq) {
         }
         else {
             sLinkStatus.bLink = false;
+	    sLinkStatus.uLinkRate = 0;
         }
         if (copy_to_user(pReq->data, &sLinkStatus, sizeof(SCmdLinkStatus))) {
 			result = -EFAULT;
diff --git a/drivers/staging/vt6656/ioctl.c b/drivers/staging/vt6656/ioctl.c
index cfe9c95..1cb9a7d 100644
--- a/drivers/staging/vt6656/ioctl.c
+++ b/drivers/staging/vt6656/ioctl.c
@@ -291,6 +291,7 @@ int private_ioctl(PSDevice pDevice, struct ifreq *rq) {
         }
         else {
             sLinkStatus.bLink = FALSE;
+	    sLinkStatus.uLinkRate = 0;
         }
         if (copy_to_user(pReq->data, &sLinkStatus, sizeof(SCmdLinkStatus))) {
 			result = -EFAULT;

^ permalink raw reply related	[flat|nested] only message in thread