> -----Original Message-----
> From: Colin King [mailto:colin.king@xxxxxxxxxxxxx]
> Sent: Monday, May 15, 2017 8:56 AM
> To: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@xxxxxxxxxxxxx>;
> dl-esc-Aacraid Linux Driver <aacraid@xxxxxxxxxxxxx>; James E . J . Bottomley
> <jejb@xxxxxxxxxxxxxxxxxx>; Martin K . Petersen
> <martin.petersen@xxxxxxxxxx>; linux-scsi@xxxxxxxxxxxxxxx
> Cc: kernel-janitors@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: [PATCH] scsi: aacraid: fix leak of data from stack back to userspace
>
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The fields sense_data_size and sense_data are uninitialized garbage from the
> stack and are being copied back to userspace. Fix this leak of stack information
> by ensuring they are zero'd.
>
> Detected by CoverityScan, CID#1435473 ("Uninitialized scalar variable")
>
> Fixes: 423400e64d377 ("scsi: aacraid: Include HBA direct interface")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> drivers/scsi/aacraid/commctrl.c | 2 ++
> 1 file changed, 2 insertions(+)
>
Acked-by: Dave Carroll <david.carroll@xxxxxxxxxxxxx>
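
The bug class named in the patch description, shown as an added userspace example that is not code from the patch or the aacraid driver: a reply struct is built on the stack, only some fields are set, and the whole struct is copied out. The struct layout, the function names and the 0xAA poison standing in for stale stack contents are assumptions; only the field names sense_data_size and sense_data come from the message above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA  /* constructed stand-in for leftover stack contents */

/* Hypothetical reply layout (no padding: 4 + 4 + 24 = 32 bytes). */
struct reply {
    uint32_t status;
    uint32_t sense_data_size;
    uint8_t  sense_data[24];
};

/* Fills the reply on a path that has no sense data to report. */
static void fill_reply(struct reply *r, int zero_first)
{
    if (zero_first)
        memset(r, 0, sizeof(*r));   /* hardened form: clear before use */
    r->status = 0;                  /* the only field this path sets */
}

/* Simulated copy-out: returns how many poison bytes reach the user buffer. */
static size_t leaked_bytes(int zero_first)
{
    struct reply r;
    uint8_t user[sizeof(r)];
    size_t i, leaked = 0;

    memset(&r, POISON, sizeof(r));  /* model stale stack data deterministically */
    fill_reply(&r, zero_first);
    memcpy(user, &r, sizeof(r));    /* whole struct goes out, set or not */
    for (i = 0; i < sizeof(user); i++)
        if (user[i] == POISON)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes copied out\n", leaked_bytes(0));
    printf("with zeroing:    %zu stale bytes copied out\n", leaked_bytes(1));
    return 0;
}
```

Zeroing the whole struct rather than the two named fields also covers any padding and any field added to the layout later.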