ALSA: asihpi: fix kernel memory disclosure

Some elements in hr are not cleared before being copied to user space, leaking kernel heap memory to user space. For example, this happens in the error handling code for the HPI_ADAPTER_DELETE case. Zero the memory before it's copied. Signed-off-by: N Vlad Tsyrklevich <vlad@tsyrklevich.net> Signed-off-by: N Takashi Iwai <tiwai@suse.de>

ALSA: asihpi: fix kernel memory disclosure
Some elements in hr are not cleared before being copied to user space, leaking kernel heap memory to user space. For example, this happens in the error handling code for the HPI_ADAPTER_DELETE case. Zero the memory before it's copied. Signed-off-by: N Vlad Tsyrklevich <vlad@tsyrklevich.net> Signed-off-by: N Takashi Iwai <tiwai@suse.de>
d69bb92e · Vlad Tsyrklevich · Takashi Iwai · f771d5bb · d69bb92e
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

sound/pci/asihpi/hpioctl.c sound/pci/asihpi/hpioctl.c +1 -1

未找到文件。
--- a/sound/pci/asihpi/hpioctl.c
+++ b/sound/pci/asihpi/hpioctl.c
@@ -111,7 +111,7 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 		return -EINVAL;

 	hm = kmalloc(sizeof(*hm), GFP_KERNEL);
-	hr = kmalloc(sizeof(*hr), GFP_KERNEL);
+	hr = kzalloc(sizeof(*hr), GFP_KERNEL);
 	if (!hm || !hr) {
 		err = -ENOMEM;
 		goto out;