ipmi: info leak in compat_ipmi_ioctl()

On x86_64 there is a 4 byte hole between ->recv_type and ->addr. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Corey Minyard <cminyard@mvista.com> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>

ipmi: info leak in compat_ipmi_ioctl()
On x86_64 there is a 4 byte hole between ->recv_type and ->addr. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Corey Minyard <cminyard@mvista.com> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>
fa7df37b · Dan Carpenter · Linus Torvalds · 6e466452 · fa7df37b
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

drivers/char/ipmi/ipmi_devintf.c drivers/char/ipmi/ipmi_devintf.c +1 -0

未找到文件。
--- a/drivers/char/ipmi/ipmi_devintf.c
+++ b/drivers/char/ipmi/ipmi_devintf.c
@@ -810,6 +810,7 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd,
 		struct ipmi_recv   __user *precv64;
 		struct ipmi_recv   recv64;

+		memset(&recv64, 0, sizeof(recv64));
 		if (get_compat_ipmi_recv(&recv64, compat_ptr(arg)))
 			return -EFAULT;