summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2015-09-16 09:42:25 +0300
committerDoug Ledford <dledford@redhat.com>2015-09-18 11:28:47 -0400
commitebe6b2e8bc2cd06a330b3f9be8a4fa3ff44ab026 (patch)
treedfaa59fdfe4d7dd08185c7eb0151157e2ea3da58
parent951842b0540d2ed49ae29ba968adc496baf46556 (diff)
downloadlwn-ebe6b2e8bc2cd06a330b3f9be8a4fa3ff44ab026.tar.gz
lwn-ebe6b2e8bc2cd06a330b3f9be8a4fa3ff44ab026.zip
IB/hfi1: info leak in get_ctxt_info()
The cinfo struct has a hole after the last struct member so we need to zero it out. Otherwise we disclose some uninitialized stack data. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
-rw-r--r--drivers/staging/rdma/hfi1/file_ops.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/staging/rdma/hfi1/file_ops.c b/drivers/staging/rdma/hfi1/file_ops.c
index 469861750b76..2c43ca5a379b 100644
--- a/drivers/staging/rdma/hfi1/file_ops.c
+++ b/drivers/staging/rdma/hfi1/file_ops.c
@@ -1181,6 +1181,7 @@ static int get_ctxt_info(struct file *fp, void __user *ubase, __u32 len)
struct hfi1_filedata *fd = fp->private_data;
int ret = 0;
+ memset(&cinfo, 0, sizeof(cinfo));
ret = hfi1_get_base_kinfo(uctxt, &cinfo);
if (ret < 0)
goto done;