Subject: [merged] cciss-fix-info-leak-in-cciss_ioctl32_passthru.patch removed from -mm tree
To: dan.carpenter@xxxxxxxxxx,mike.miller@xxxxxx,mm-commits@xxxxxxxxxxxxxxx
From: akpm@xxxxxxxxxxxxxxxxxxxx
Date: Wed, 25 Sep 2013 12:06:18 -0700
The patch titled
Subject: cciss: fix info leak in cciss_ioctl32_passthru()
has been removed from the -mm tree. Its filename was
cciss-fix-info-leak-in-cciss_ioctl32_passthru.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Subject: cciss: fix info leak in cciss_ioctl32_passthru()
The arg64 struct has a hole after ->buf_size which isn't cleared. Or if
any of the calls to copy_from_user() fail then that would cause an
information leak as well.
This was assigned CVE-2013-2147.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Acked-by: Mike Miller <mike.miller@xxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/block/cciss.c | 1 +
1 file changed, 1 insertion(+)
diff -puN drivers/block/cciss.c~cciss-fix-info-leak-in-cciss_ioctl32_passthru drivers/block/cciss.c
--- a/drivers/block/cciss.c~cciss-fix-info-leak-in-cciss_ioctl32_passthru
+++ a/drivers/block/cciss.c
@@ -1189,6 +1189,7 @@ static int cciss_ioctl32_passthru(struct
int err;
u32 cp;
+ memset(&arg64, 0, sizeof(arg64));
err = 0;
err |=
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
_
Patches currently in -mm which might be from dan.carpenter@xxxxxxxxxx are
origin.patch
linux-next.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
