Skip to content

Commit

Permalink
block: cciss: fix information leak to userland
Browse files Browse the repository at this point in the history 
Structure IOCTL_Command_struct is copied to userland with
some padding fields at the end of the struct unitialized.
It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
  • Loading branch information
Vasiliy Kulikov authored and Jens Axboe committed Oct 28, 2010
1 parent 027b180 commit 7ab5118
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions drivers/block/cciss.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1184,6 +1184,7 @@ static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;

memset(&arg64, 0, sizeof(arg64));
err = 0;
err |=
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
Expand Down

0 comments on commit 7ab5118

Please sign in to comment.