diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-11-14 12:44:48 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-11-14 12:44:48 -0800 |
commit | f720d7df993b2cd62c723f1803bc8330871d478f (patch) | |
tree | b9e7258adc77964f7ec1531926c90cfa78f11447 | |
parent | 3865efcb14f46a5e01852d30a34b2c0dce076b3e (diff) | |
parent | eaca2d8e75e90a70a63a6695c9f61932609db212 (diff) | |
download | lwn-f720d7df993b2cd62c723f1803bc8330871d478f.tar.gz lwn-f720d7df993b2cd62c723f1803bc8330871d478f.zip |
Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire fix from Stefan Richter:
"IEEE 1394 (FireWire) subsystem fix: The character device file
interface for raw 1394 I/O took uninitialized kernel stack as
substitute for missing ioctl() argument data. This could partially
show up in subsequent read() output"
* tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: cdev: prevent kernel stack leaking into ioctl arguments
-rw-r--r-- | drivers/firewire/core-cdev.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index 5d997a33907e..2a3973a7c441 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c @@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client, _IOC_SIZE(cmd) > sizeof(buffer)) return -ENOTTY; - if (_IOC_DIR(cmd) == _IOC_READ) - memset(&buffer, 0, _IOC_SIZE(cmd)); + memset(&buffer, 0, sizeof(buffer)); if (_IOC_DIR(cmd) & _IOC_WRITE) if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd))) |