Skip to content

Commit

Permalink
agp: info leak in agpioc_info_wrap()
Browse files Browse the repository at this point in the history 
On 64 bit systems the agp_info struct has a 4 byte hole between
->agp_mode and ->aper_base.  We need to clear it to avoid disclosing
stack information to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
  • Loading branch information
Dan Carpenter authored and Dave Airlie committed May 5, 2014
1 parent 0384dca commit 3cf0b03
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions drivers/char/agp/frontend.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -730,6 +730,7 @@ static int agpioc_info_wrap(struct agp_file_private *priv, void __user *arg)

agp_copy_info(agp_bridge, &kerninfo);

memset(&userinfo, 0, sizeof(userinfo));
userinfo.version.major = kerninfo.version.major;
userinfo.version.minor = kerninfo.version.minor;
userinfo.bridge_id = kerninfo.device->vendor |
Expand Down

0 comments on commit 3cf0b03

Please sign in to comment.