Skip to content

Commit

Permalink
drivers/ptp: Fix kernel memory disclosure
Browse files Browse the repository at this point in the history 
The reserved field precise_offset->rsv is not cleared before being
copied to user space, leaking kernel stack memory. Clear the struct
before it's copied.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Vlad Tsyrklevich authored and David S. Miller committed Oct 13, 2016
1 parent b8a4ddb commit 02a9079
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions drivers/ptp/ptp_chardev.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,7 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
if (err)
break;

memset(&precise_offset, 0, sizeof(precise_offset));
ts = ktime_to_timespec64(xtstamp.device);
precise_offset.device.sec = ts.tv_sec;
precise_offset.device.nsec = ts.tv_nsec;
Expand Down

0 comments on commit 02a9079

Please sign in to comment.