Skip to content

Commit

Permalink
drivers/net/usb/hso.c: prevent reading uninitialized memory
Browse files Browse the repository at this point in the history 
Fixed formatting (tabs and line breaks).

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack in hso_get_count()
is not altered or zeroed before being copied back to the user.  This
patch takes care of it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Dan Rosenberg authored and David S. Miller committed Sep 17, 2010
1 parent e71895a commit 7011e66
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions drivers/net/usb/hso.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1652,6 +1652,8 @@ static int hso_get_count(struct hso_serial *serial,
struct uart_icount cnow;
struct hso_tiocmget *tiocmget = serial->tiocmget;

memset(&icount, 0, sizeof(struct serial_icounter_struct));

if (!tiocmget)
return -ENOENT;
spin_lock_irq(&serial->serial_lock);
Expand Down

0 comments on commit 7011e66

Please sign in to comment.