Re: [PATCH][next] crypto: chtls: don't leak information from the stack to userspace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 05, 2018 at 05:44:03PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> 
> The structure crypto_info contains fields that are not initialized and
> only .version is set.  The copy_to_user call is hence leaking information
> from the stack to userspace which must be avoided. Fix this by zero'ing
> all the unused fields.
> 
> Detected by CoverityScan, CID#1467421 ("Uninitialized scalar variable")
> 
> Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux