Skip to content

Commit

Permalink
cpqarray: fix info leak in ida_locked_ioctl()
Browse files Browse the repository at this point in the history 
The pciinfo struct has a two byte hole after ->dev_fn so stack
information could be leaked to the user.

This was assigned CVE-2013-2147.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Mike Miller <mike.miller@hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Dan Carpenter authored and Linus Torvalds committed Sep 25, 2013
1 parent e2f0b88 commit 627aad1
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions drivers/block/cpqarray.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1193,6 +1193,7 @@ static int ida_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned in
ida_pci_info_struct pciinfo;

if (!arg) return -EINVAL;
memset(&pciinfo, 0, sizeof(pciinfo));
pciinfo.bus = host->pci_dev->bus->number;
pciinfo.dev_fn = host->pci_dev->devfn;
pciinfo.board_id = host->board_id;
Expand Down

0 comments on commit 627aad1

Please sign in to comment.