Hello Colin,

> -----Original Message-----
> From: Colin King [mailto:colin.king@xxxxxxxxxxxxx]
> Sent: Tuesday, February 7, 2017 5:55 AM
> To: dl-esc-Aacraid Linux Driver <aacraid@xxxxxxxxxxxxx>; James E . J .
> Bottomley <jejb@xxxxxxxxxxxxxxxxxx>; Martin K . Petersen
> <martin.petersen@xxxxxxxxxx>; linux-scsi@xxxxxxxxxxxxxxx
> Cc: kernel-janitors@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: [PATCH] scsi: aacraid: fix information leak on hbainfo.driver_name
>
> EXTERNAL EMAIL
>
>
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The driver_name field is not initialized and hence information
> on the stack is being leaked to userspace on the copy_to_user.
> Fix this.

I am curious, do you mean that the user will be able to retrieve garbage stack values from the variables that were not set (driver_name etc)? If so how is it a security threat?

Regards,
Raghava Aditya

> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> drivers/scsi/aacraid/commctrl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c > index 614842a..eb48d0a 100644 > --- a/drivers/scsi/aacraid/commctrl.c > +++ b/drivers/scsi/aacraid/commctrl.c > @@ -1015,7 +1015,7 @@ static int aac_get_pci_info(struct aac_dev* dev, > void __user *arg) > > static int aac_get_hba_info(struct aac_dev *dev, void __user *arg) > { > - struct aac_hba_info hbainfo; > + struct aac_hba_info hbainfo = { 0 }; > > hbainfo.adapter_number = (u8) dev->id; > hbainfo.system_io_bus_number = dev->pdev->bus->number; > -- > 2.10.2
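
Review bot: In the `hbainfo` declaration in aac_get_hba_info(), `= { 0 }` zeroes the named members, but C does not guarantee that padding bytes between or after them are cleared, and the commit message says the struct is handed to userspace through copy_to_user. Consider an explicit `memset(&hbainfo, 0, sizeof(hbainfo));` ahead of the field assignments so that padding cannot carry stack contents either. The changelog would also benefit from one sentence on why the leak matters, since that is the question raised in the reply: stale kernel stack bytes copied to userspace can expose data left behind by earlier calls.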