On Fri, Oct 01, 2010 at 02:18:04PM -0700, akpm@xxxxxxxxxxxxxxxxxxxx wrote: > From: Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> > > The TIOCGICOUNT device ioctl allows unprivileged users to read > uninitialized stack memory, because the "reserved" member of the > serial_icounter_struct struct declared on the stack is not altered or > zeroed before being copied back to the user. This patch takes care of it. > > Signed-off-by: Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx> > Cc: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> > Cc: Greg KH <greg@xxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > --- > > drivers/serial/serial_core.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff -puN drivers/serial/serial_core.c~drivers-serial-serial_corec-prevent-reading-uninitialized-stack-memory drivers/serial/serial_core.c > --- a/drivers/serial/serial_core.c~drivers-serial-serial_corec-prevent-reading-uninitialized-stack-memory > +++ a/drivers/serial/serial_core.c > @@ -1081,6 +1081,8 @@ static int uart_get_icount(struct tty_st > struct uart_icount cnow; > struct uart_port *uport = state->uart_port; > > + memset(&icount, 0, sizeof(struct serial_icounter_struct)); This patch is no longer needed as Alan fixed it in the tty core. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-serial" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
