Re: [PATCH] ide-tape: Don't leak kernel stack information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jul 19, 2009 at 09:15:19PM +0200, Michael Buesch wrote:
> Don't leak kernel stack information through uninitialized structure members.
> 
> Signed-off-by: Michael Buesch <mb@xxxxxxxxx>
> Cc: stable@xxxxxxxxxx
> 
> ---
> 
> This patch is only compile tested.
> 
> ---
>  drivers/ide/ide-tape.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> --- linux-2.6.orig/drivers/ide/ide-tape.c
> +++ linux-2.6/drivers/ide/ide-tape.c
> @@ -1057,20 +1057,21 @@ static int idetape_blkdev_ioctl(ide_driv
>  
>  	debug_log(DBG_PROCS, "Enter %s\n", __func__);
>  
>  	switch (cmd) {
>  	case 0x0340:
>  		if (copy_from_user(&config, argp, sizeof(config)))
>  			return -EFAULT;
>  		tape->best_dsc_rw_freq = config.dsc_rw_frequency;
>  		break;
>  	case 0x0350:
> +		memset(&config, 0, sizeof(config));

Well, I can't find config.dsc_media_access_frequency as being used
anywhere since the git years of the kernel. I found¹ some archaic
kernels from 1995 (1.3 series) which used to have IDETAPE_RESET_IOCTL
defined as 0x0350 but can't seem to find any userspace use of that
ioctl.

If there's none, you might just as well remove
config.dsc_media_access_frequency as an alternative solution.

@Bart: Any historic info I'm missing here?


¹http://www.google.com/search?q=IDETAPE_RESET_IOCTL

-- 
Regards/Gruss,
    Boris.
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux