The syzbot reported a kernel-usb-infoleak in usbtmc_write,
we need to clear the structure before filling fields.
Fixes: 4ddc645f40e9 ("usb: usbtmc: Add ioctl for vendor specific write")
Reported-and-tested-by: syzbot+9d34f80f841e948c3fdb@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=9d34f80f841e948c3fdb
Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
---
drivers/usb/class/usbtmc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c
index 6bd9fe565385..e9ddaa9b580d 100644
--- a/drivers/usb/class/usbtmc.c
+++ b/drivers/usb/class/usbtmc.c
@@ -759,6 +759,7 @@ static struct urb *usbtmc_create_urb(void)
usb_free_urb(urb);
return NULL;
}
+ memset(dmabuf, 0, bufsize);
urb->transfer_buffer = dmabuf;
urb->transfer_buffer_length = bufsize;
--
2.43.0
