+ drivers-char-synclink_gtc-fix-information-leak-to-userland.patch added to -mm tree

[akpm@xxxxxxxxxxxxxxxxxxxx]

The patch titled
     drivers/char/synclink_gt.c: fix information leak to userland
has been added to the -mm tree.  Its filename is
     drivers-char-synclink_gtc-fix-information-leak-to-userland.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this

The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/

------------------------------------------------------
Subject: drivers/char/synclink_gt.c: fix information leak to userland
From: Vasiliy Kulikov <segooon@xxxxxxxxx>

Structures tmp_params and new_line are copied to userland with some
padding fields unitialized.  It leads to leaking of stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx>
Acked-by: Paul Fulghum <paulkf@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 drivers/char/synclink_gt.c |    3 +++
 1 file changed, 3 insertions(+)

diff -puN drivers/char/synclink_gt.c~drivers-char-synclink_gtc-fix-information-leak-to-userland drivers/char/synclink_gt.c
--- a/drivers/char/synclink_gt.c~drivers-char-synclink_gtc-fix-information-leak-to-userland
+++ a/drivers/char/synclink_gt.c
@@ -1132,6 +1132,7 @@ static long get_params32(struct slgt_inf
 	struct MGSL_PARAMS32 tmp_params;
 
 	DBGINFO(("%s get_params32\n", info->device_name));
+	memset(&tmp_params, 0, sizeof(tmp_params));
 	tmp_params.mode            = (compat_ulong_t)info->params.mode;
 	tmp_params.loopback        = info->params.loopback;
 	tmp_params.flags           = info->params.flags;
@@ -1617,6 +1618,8 @@ static int hdlcdev_ioctl(struct net_devi
 	if (cmd != SIOCWANDEV)
 		return hdlc_ioctl(dev, ifr, cmd);
 
+	memset(&new_line, 0, sizeof(new_line));
+
 	switch(ifr->ifr_settings.type) {
 	case IF_GET_IFACE: /* return current sync_serial_settings */
 
_

Patches currently in -mm which might be from segooon@xxxxxxxxx are

linux-next.patch
mm-mempolicy-check-return-code-of-check_range.patch
drivers-rtc-classc-fix-device_register-error-handling.patch
drivers-char-applicomc-fix-information-leak-to-userland.patch
drivers-char-hpetc-fix-information-leak-to-userland.patch
drivers-char-hpetc-fix-information-leak-to-userland-fix.patch
drivers-char-ppdevc-fix-information-leak-to-userland.patch
drivers-char-synclink_gtc-fix-information-leak-to-userland.patch
memstick-core-fix-device_register-error-handling.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html