Please apply backport of commit da2311a6385c ("can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices") to v4.9.y

Salvatore Bonaccorso <carnil@xxxxxxxxxx> · Sun, 14 Jun 2020 09:54:03 +0200

Hi

The issue fixed with da2311a6385c ("can: kvaser_usb: kvaser_usb_leaf:
Fix some info-leaks to USB devices") seem to be present as well before
4.19, introduced in 3.8 by commit 080f40a6fa28 "can: kvaser_usb: Add
support for Kvaser CAN/USB devices" already.

For Debian (for 4.9.210-1 upload) and for 3.16.y upstream Ben
Hutchings did backport the commit.

Can you apply it please as well for v4.9.y?

Regards,
Salvatore

>From fe8da238df185e6b55301eea0c762e1ab04df625 Mon Sep 17 00:00:00 2001
From: Xiaolong Huang <butterflyhuangxx@xxxxxxxxx>
Date: Sat, 7 Dec 2019 22:40:24 +0800
Subject: [PATCH] can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB
 devices

Uninitialized Kernel memory can leak to USB devices.

Fix this by using kzalloc() instead of kmalloc().

Signed-off-by: Xiaolong Huang <butterflyhuangxx@xxxxxxxxx>
Fixes: 7259124eac7d ("can: kvaser_usb: Split driver into kvaser_usb_core.c and kvaser_usb_leaf.c")
Cc: linux-stable <stable@xxxxxxxxxxxxxxx> # >= v4.19
Signed-off-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
[bwh: Backported to 4.9: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
 drivers/net/can/usb/kvaser_usb.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c
index 3a75352f632b..792a1afabf5d 100644
--- a/drivers/net/can/usb/kvaser_usb.c
+++ b/drivers/net/can/usb/kvaser_usb.c
@@ -791,7 +791,7 @@ static int kvaser_usb_simple_msg_async(struct kvaser_usb_net_priv *priv,
 	if (!urb)
 		return -ENOMEM;
 
-	buf = kmalloc(sizeof(struct kvaser_msg), GFP_ATOMIC);
+	buf = kzalloc(sizeof(struct kvaser_msg), GFP_ATOMIC);
 	if (!buf) {
 		usb_free_urb(urb);
 		return -ENOMEM;
@@ -1459,7 +1459,7 @@ static int kvaser_usb_set_opt_mode(const struct kvaser_usb_net_priv *priv)
 	struct kvaser_msg *msg;
 	int rc;
 
-	msg = kmalloc(sizeof(*msg), GFP_KERNEL);
+	msg = kzalloc(sizeof(*msg), GFP_KERNEL);
 	if (!msg)
 		return -ENOMEM;
 
@@ -1592,7 +1592,7 @@ static int kvaser_usb_flush_queue(struct kvaser_usb_net_priv *priv)
 	struct kvaser_msg *msg;
 	int rc;
 
-	msg = kmalloc(sizeof(*msg), GFP_KERNEL);
+	msg = kzalloc(sizeof(*msg), GFP_KERNEL);
 	if (!msg)
 		return -ENOMEM;
 
-- 
2.27.0







