Re: [PATCH] ide-tape: Don't leak kernel stack information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday 20 July 2009 09:38:14 Borislav Petkov wrote:
> On Sun, Jul 19, 2009 at 09:15:19PM +0200, Michael Buesch wrote:
> > Don't leak kernel stack information through uninitialized structure members.
> > 
> > Signed-off-by: Michael Buesch <mb@xxxxxxxxx>
> > Cc: stable@xxxxxxxxxx
> > 
> > ---
> > 
> > This patch is only compile tested.
> > 
> > ---
> >  drivers/ide/ide-tape.c |    1 +
> >  1 file changed, 1 insertion(+)
> > 
> > --- linux-2.6.orig/drivers/ide/ide-tape.c
> > +++ linux-2.6/drivers/ide/ide-tape.c
> > @@ -1057,20 +1057,21 @@ static int idetape_blkdev_ioctl(ide_driv
> >  
> >  	debug_log(DBG_PROCS, "Enter %s\n", __func__);
> >  
> >  	switch (cmd) {
> >  	case 0x0340:
> >  		if (copy_from_user(&config, argp, sizeof(config)))
> >  			return -EFAULT;
> >  		tape->best_dsc_rw_freq = config.dsc_rw_frequency;
> >  		break;
> >  	case 0x0350:
> > +		memset(&config, 0, sizeof(config));
> 
> Well, I can't find config.dsc_media_access_frequency as being used
> anywhere since the git years of the kernel. I found¹ some archaic
> kernels from 1995 (1.3 series) which used to have IDETAPE_RESET_IOCTL
> defined as 0x0350 but can't seem to find any userspace use of that
> ioctl.
> 
> If there's none, you might just as well remove
> config.dsc_media_access_frequency as an alternative solution.
> 
> @Bart: Any historic info I'm missing here?

We need to preserve struct idetape_config layout to not break the ioctl
(regardless if the field is really used by some user-space apps or not)..
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux