On Monday 20 July 2009 09:38:14 Borislav Petkov wrote:
> On Sun, Jul 19, 2009 at 09:15:19PM +0200, Michael Buesch wrote:
> > Don't leak kernel stack information through uninitialized structure members.
> >
> > Signed-off-by: Michael Buesch <mb@xxxxxxxxx>
> > Cc: stable@xxxxxxxxxx
> >
> > ---
> >
> > This patch is only compile tested.
> >
> > ---
> > drivers/ide/ide-tape.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > --- linux-2.6.orig/drivers/ide/ide-tape.c
> > +++ linux-2.6/drivers/ide/ide-tape.c
> > @@ -1057,20 +1057,21 @@ static int idetape_blkdev_ioctl(ide_driv
> >
> > debug_log(DBG_PROCS, "Enter %s\n", __func__);
> >
> > switch (cmd) {
> > case 0x0340:
> > if (copy_from_user(&config, argp, sizeof(config)))
> > return -EFAULT;
> > tape->best_dsc_rw_freq = config.dsc_rw_frequency;
> > break;
> > case 0x0350:
> > + memset(&config, 0, sizeof(config));
>
> Well, I can't find config.dsc_media_access_frequency as being used
> anywhere since the git years of the kernel. I found¹ some archaic
> kernels from 1995 (1.3 series) which used to have IDETAPE_RESET_IOCTL
> defined as 0x0350 but can't seem to find any userspace use of that
> ioctl.
>
> If there's none, you might just as well remove
> config.dsc_media_access_frequency as an alternative solution.
>
> @Bart: Any historic info I'm missing here?
We need to preserve struct idetape_config layout to not break the ioctl
(regardless if the field is really used by some user-space apps or not)..
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
