Structure rAbilities is copied to userland with uart_enable, mwave_os_name and bios_task_name array end elements and some padding fields unitialized. It leads to leaking of stack memory. Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx> --- Compile tested. drivers/char/mwave/mwavedd.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/drivers/char/mwave/mwavedd.c b/drivers/char/mwave/mwavedd.c index 1d82d58..73b6880 100644 --- a/drivers/char/mwave/mwavedd.c +++ b/drivers/char/mwave/mwavedd.c @@ -165,6 +165,7 @@ static long mwave_ioctl(struct file *file, unsigned int iocmd, "mwavedd::mwave_ioctl," " IOCTL_MW_DSP_ABILITIES calling" " tp3780I_QueryAbilities\n"); + memset(&rAbilities, 0, sizeof(MW_ABILITIES)); mutex_lock(&mwave_mutex); retval = tp3780I_QueryAbilities(&pDrvData->rBDData, &rAbilities); -- 1.7.0.4 -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
