Am 25.07.2013 18:46, schrieb Dan Carpenter:
> p_ca_slot_info was allocated with kmalloc() so we need to clear it
> before passing it to the user.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c
> index 0e788fc..6b9dc3f 100644
> --- a/drivers/media/pci/bt8xx/dst_ca.c
> +++ b/drivers/media/pci/bt8xx/dst_ca.c
> @@ -302,8 +302,11 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
> p_ca_slot_info->flags = CA_CI_MODULE_READY;
> p_ca_slot_info->num = 1;
> p_ca_slot_info->type = CA_CI;
> - } else
> + } else {
> p_ca_slot_info->flags = 0;
> + p_ca_slot_info->num = 0;
> + p_ca_slot_info->type = 0;
> + }
>
> if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
> return -EFAULT;
note: i have no clue how p_ca_slot_info looks like,
but to avoid information leaks via compiler padding etc. i could be more wise
to do a memset(p_ca_slot_info,0,sizeof (struct ca_slot_info))
and then set the
p_ca_slot_info->flags = CA_CI_MODULE_READY;
p_ca_slot_info->num = 1;
p_ca_slot_info->type = CA_CI;
just my 2 cents,
re,
wh
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
