On Thu, 13 Oct 2016 14:36:41 +0200,
Vlad Tsyrklevich wrote:
>
> Some elements in hr are not cleared before being copied to user space,
> leaking kernel heap memory to user space. For example, this happens in
> the error handling code for the HPI_ADAPTER_DELETE case. Zero the memory
> before it's copied.
>
> Signed-off-by: Vlad Tsyrklevich <vlad@xxxxxxxxxxxxxxx>
Applied, thanks.
Takashi
> ---
> sound/pci/asihpi/hpioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c
> index d17937b..7e3aa50 100644
> --- a/sound/pci/asihpi/hpioctl.c
> +++ b/sound/pci/asihpi/hpioctl.c
> @@ -111,7 +111,7 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> return -EINVAL;
>
> hm = kmalloc(sizeof(*hm), GFP_KERNEL);
> - hr = kmalloc(sizeof(*hr), GFP_KERNEL);
> + hr = kzalloc(sizeof(*hr), GFP_KERNEL);
> if (!hm || !hr) {
> err = -ENOMEM;
> goto out;
> --
> 2.7.0
>
> _______________________________________________
> Alsa-devel mailing list
> Alsa-devel@xxxxxxxxxxxxxxxx
> http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
>
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
