media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()

[ Upstream commit a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 ] The function at issue does not always initialize each byte allocated for 'b' and can therefore leak uninitialized memory to a USB device in the call to usb_bulk_msg() Use kzalloc() instead of kmalloc() Signed-off-by: N Tomas Bortoli <tomasbortoli@gmail.com> Reported-by: syzbot+0522702e9d67142379f1@syzkaller.appspotmail.com Signed-off-by: N Sean Young <sean@mess.org> Signed-off-by: N Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by: N Sasha Levin <sashal@kernel.org>

media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
[ Upstream commit a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 ] The function at issue does not always initialize each byte allocated for 'b' and can therefore leak uninitialized memory to a USB device in the call to usb_bulk_msg() Use kzalloc() instead of kmalloc() Signed-off-by: N Tomas Bortoli <tomasbortoli@gmail.com> Reported-by: syzbot+0522702e9d67142379f1@syzkaller.appspotmail.com Signed-off-by: N Sean Young <sean@mess.org> Signed-off-by: N Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by: N Sasha Levin <sashal@kernel.org>
8630a4d1 · Tomas Bortoli · Greg Kroah-Hartman · d4763691 · 8630a4d1
显示空白变更内容
内联并排

Showing with 1 addition and 1 deletion

drivers/media/usb/ttusb-dec/ttusb_dec.c drivers/media/usb/ttusb-dec/ttusb_dec.c +1 -1

未找到文件。
--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c
+++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c
@@ -329,7 +329,7 @@ static int ttusb_dec_send_command(struct ttusb_dec *dec, const u8 command,

 	dprintk("%s\n", __func__);

-	b = kmalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
+	b = kzalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
 	if (!b)
 		return -ENOMEM;