Re: [patch] [media] bt8xx: info leak in ca_get_slot_info()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jul 25, 2013 at 07:29:09PM +0200, walter harms wrote:
> 
> 
> Am 25.07.2013 18:46, schrieb Dan Carpenter:
> > p_ca_slot_info was allocated with kmalloc() so we need to clear it
> > before passing it to the user.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > 
> > diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c
> > index 0e788fc..6b9dc3f 100644
> > --- a/drivers/media/pci/bt8xx/dst_ca.c
> > +++ b/drivers/media/pci/bt8xx/dst_ca.c
> > @@ -302,8 +302,11 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
> >  		p_ca_slot_info->flags = CA_CI_MODULE_READY;
> >  		p_ca_slot_info->num = 1;
> >  		p_ca_slot_info->type = CA_CI;
> > -	} else
> > +	} else {
> >  		p_ca_slot_info->flags = 0;
> > +		p_ca_slot_info->num = 0;
> > +		p_ca_slot_info->type = 0;
> > +	}
> >  
> >  	if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
> >  		return -EFAULT;
> 
> note: i have no clue how p_ca_slot_info looks like,
> but to avoid information leaks via compiler padding etc. i could be more wise
> to do a  memset(p_ca_slot_info,0,sizeof (struct ca_slot_info))
> and then set the

There is no compiler padding.  My static checker looks for that.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux