[PATCH] sys_get_thread_area does not clear the returned argument
CC: <stable@kernel.org> sys_get_thread_area does not memset to 0 its struct user_desc info before copying it to user space... since sizeof(struct user_desc) is 16 while the actual datas which are filled are only 12 bytes + 9 bits (across the bitfields), there is a (small) information leak. This was already committed to Linus' repository. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Chris Wright <chrisw@osdl.org>
Showing
Please register or sign in to comment