* [patch -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl()
@ 2016-07-14 10:34 Dan Carpenter
2016-07-14 10:52 ` walter harms
0 siblings, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2016-07-14 10:34 UTC (permalink / raw)
To: Zhao Qiang; +Cc: netdev, linuxppc-dev, kernel-janitors
There is a 2 byte struct whole after line.loopback so we need to clear
that out to avoid disclosing stack information.
Fixes: c19b6d246a35 ('drivers/net: support hdlc function for QE-UCC')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
index 19174ac..7608561 100644
--- a/drivers/net/wan/fsl_ucc_hdlc.c
+++ b/drivers/net/wan/fsl_ucc_hdlc.c
@@ -635,6 +635,7 @@ static int uhdlc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
ifr->ifr_settings.size = size; /* data size wanted */
return -ENOBUFS;
}
+ memset(&line, 0, sizeof(line));
line.clock_type = priv->clocking;
line.clock_rate = 0;
line.loopback = 0;
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [patch -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl()
2016-07-14 10:34 [patch -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl() Dan Carpenter
@ 2016-07-14 10:52 ` walter harms
2016-07-14 11:16 ` [patch v2 " Dan Carpenter
2016-07-14 11:17 ` [patch " Dan Carpenter
0 siblings, 2 replies; 5+ messages in thread
From: walter harms @ 2016-07-14 10:52 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Zhao Qiang, netdev, linuxppc-dev, kernel-janitors
Am 14.07.2016 12:34, schrieb Dan Carpenter:
> There is a 2 byte struct whole after line.loopback so we need to clear
> that out to avoid disclosing stack information.
>
> Fixes: c19b6d246a35 ('drivers/net: support hdlc function for QE-UCC')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
> index 19174ac..7608561 100644
> --- a/drivers/net/wan/fsl_ucc_hdlc.c
> +++ b/drivers/net/wan/fsl_ucc_hdlc.c
> @@ -635,6 +635,7 @@ static int uhdlc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
> ifr->ifr_settings.size = size; /* data size wanted */
> return -ENOBUFS;
> }
> + memset(&line, 0, sizeof(line));
> line.clock_type = priv->clocking;
> line.clock_rate = 0;
> line.loopback = 0;
In this case
line.clock_rate = 0;
line.loopback = 0;
are not need any more and can be removed
except like them to have for documentation or so.
re,
wh
^ permalink raw reply [flat|nested] 5+ messages in thread
* [patch v2 -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl()
2016-07-14 10:52 ` walter harms
@ 2016-07-14 11:16 ` Dan Carpenter
2016-07-15 18:43 ` David Miller
2016-07-14 11:17 ` [patch " Dan Carpenter
1 sibling, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2016-07-14 11:16 UTC (permalink / raw)
To: Zhao Qiang; +Cc: netdev, linuxppc-dev, kernel-janitors, walter harms
There is a 2 byte struct whole after line.loopback so we need to clear
that out to avoid disclosing stack information.
Fixes: c19b6d246a35 ('drivers/net: support hdlc function for QE-UCC')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: remove the other initialization to zero
diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
index 19174ac..6edd48a 100644
--- a/drivers/net/wan/fsl_ucc_hdlc.c
+++ b/drivers/net/wan/fsl_ucc_hdlc.c
@@ -635,9 +635,8 @@ static int uhdlc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
ifr->ifr_settings.size = size; /* data size wanted */
return -ENOBUFS;
}
+ memset(&line, 0, sizeof(line));
line.clock_type = priv->clocking;
- line.clock_rate = 0;
- line.loopback = 0;
if (copy_to_user(ifr->ifr_settings.ifs_ifsu.sync, &line, size))
return -EFAULT;
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [patch -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl()
2016-07-14 10:52 ` walter harms
2016-07-14 11:16 ` [patch v2 " Dan Carpenter
@ 2016-07-14 11:17 ` Dan Carpenter
1 sibling, 0 replies; 5+ messages in thread
From: Dan Carpenter @ 2016-07-14 11:17 UTC (permalink / raw)
To: walter harms; +Cc: Zhao Qiang, netdev, linuxppc-dev, kernel-janitors
Good point. Thanks.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [patch v2 -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl()
2016-07-14 11:16 ` [patch v2 " Dan Carpenter
@ 2016-07-15 18:43 ` David Miller
0 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2016-07-15 18:43 UTC (permalink / raw)
To: dan.carpenter; +Cc: qiang.zhao, netdev, linuxppc-dev, kernel-janitors, wharms
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 14 Jul 2016 14:16:53 +0300
> There is a 2 byte struct whole after line.loopback so we need to clear
> that out to avoid disclosing stack information.
>
> Fixes: c19b6d246a35 ('drivers/net: support hdlc function for QE-UCC')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: remove the other initialization to zero
Applied.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-07-15 18:43 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-14 10:34 [patch -next] wan/fsl_ucc_hdlc: info leak in uhdlc_ioctl() Dan Carpenter
2016-07-14 10:52 ` walter harms
2016-07-14 11:16 ` [patch v2 " Dan Carpenter
2016-07-15 18:43 ` David Miller
2016-07-14 11:17 ` [patch " Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).