提交 b9b11342 编写于 作者: V Vasiliy Kulikov 提交者: Linus Torvalds

drivers/char/ppdev.c: fix information leak to userland

Structure par_timeout is copied to userland with some padding fields
unitialized.  Field tv_usec has type __kernel_suseconds_t, it differs from
tv_sec's type on some architectures.  It leads to leaking of stack memory.
Signed-off-by: NVasiliy Kulikov <segooon@gmail.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 19714a8a
...@@ -613,6 +613,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ...@@ -613,6 +613,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
case PPGETTIME: case PPGETTIME:
to_jiffies = pp->pdev->timeout; to_jiffies = pp->pdev->timeout;
memset(&par_timeout, 0, sizeof(par_timeout));
par_timeout.tv_sec = to_jiffies / HZ; par_timeout.tv_sec = to_jiffies / HZ;
par_timeout.tv_usec = (to_jiffies % (long)HZ) * (1000000/HZ); par_timeout.tv_usec = (to_jiffies % (long)HZ) * (1000000/HZ);
if (copy_to_user (argp, &par_timeout, sizeof(struct timeval))) if (copy_to_user (argp, &par_timeout, sizeof(struct timeval)))
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册