[PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace

Xidong Wang <wangxidong_97@xxxxxxx> · Tue, 9 Jun 2020 01:40:57 -0700

From: xidongwang <wangxidong_97@xxxxxxx>

ib_uverbs_create_ah() may copy stack allocated
structs to userspace without initializing all members of these
structs. Clear out this memory to prevent information leaks.

Signed-off-by: xidongwang <wangxidong_97@xxxxxxx>
---
 drivers/infiniband/core/uverbs_cmd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index b48b3f6..04861e6 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2481,6 +2481,7 @@ static int ib_uverbs_create_ah(struct uverbs_attr_bundle *attrs)
 	uobj->user_handle = cmd.user_handle;
 	uobj->object = ah;
 
+	memset(&resp, 0, sizeof(resp));
 	resp.ah_handle = uobj->id;
 
 	ret = uverbs_response(attrs, &resp, sizeof(resp));
-- 
2.7.4







