diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-11-14 12:44:48 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-11-14 12:44:48 -0800 |
commit | f720d7df993b2cd62c723f1803bc8330871d478f (patch) | |
tree | b9e7258adc77964f7ec1531926c90cfa78f11447 | |
parent | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs (diff) | |
parent | firewire: cdev: prevent kernel stack leaking into ioctl arguments (diff) | |
download | linux-dev-f720d7df993b2cd62c723f1803bc8330871d478f.tar.xz linux-dev-f720d7df993b2cd62c723f1803bc8330871d478f.zip |
Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire fix from Stefan Richter:
"IEEE 1394 (FireWire) subsystem fix: The character device file
interface for raw 1394 I/O took uninitialized kernel stack as
substitute for missing ioctl() argument data. This could partially
show up in subsequent read() output"
* tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: cdev: prevent kernel stack leaking into ioctl arguments
-rw-r--r-- | drivers/firewire/core-cdev.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index 5d997a33907e..2a3973a7c441 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c @@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client, _IOC_SIZE(cmd) > sizeof(buffer)) return -ENOTTY; - if (_IOC_DIR(cmd) == _IOC_READ) - memset(&buffer, 0, _IOC_SIZE(cmd)); + memset(&buffer, 0, sizeof(buffer)); if (_IOC_DIR(cmd) & _IOC_WRITE) if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd))) |