On Sun, Jul 19, 2009 at 09:15:19PM +0200, Michael Buesch wrote:
> Don't leak kernel stack information through uninitialized structure members.
>
> Signed-off-by: Michael Buesch <mb@xxxxxxxxx>
> Cc: stable@xxxxxxxxxx
>
> ---
>
> This patch is only compile tested.
>
> ---
> drivers/ide/ide-tape.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --- linux-2.6.orig/drivers/ide/ide-tape.c
> +++ linux-2.6/drivers/ide/ide-tape.c
> @@ -1057,20 +1057,21 @@ static int idetape_blkdev_ioctl(ide_driv
>
> debug_log(DBG_PROCS, "Enter %s\n", __func__);
>
> switch (cmd) {
> case 0x0340:
> if (copy_from_user(&config, argp, sizeof(config)))
> return -EFAULT;
> tape->best_dsc_rw_freq = config.dsc_rw_frequency;
> break;
> case 0x0350:
> + memset(&config, 0, sizeof(config));
Well, I can't find config.dsc_media_access_frequency as being used
anywhere since the git years of the kernel. I found¹ some archaic
kernels from 1995 (1.3 series) which used to have IDETAPE_RESET_IOCTL
defined as 0x0350 but can't seem to find any userspace use of that
ioctl.
If there's none, you might just as well remove
config.dsc_media_access_frequency as an alternative solution.
@Bart: Any historic info I'm missing here?
¹http://www.google.com/search?q=IDETAPE_RESET_IOCTL
--
Regards/Gruss,
Boris.
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
