ipmi: info leak in compat_ipmi_ioctl()

On x86_64 there is a 4 byte hole between ->recv_type and ->addr. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

ipmi: info leak in compat_ipmi_ioctl()
On x86_64 there is a 4 byte hole between ->recv_type and ->addr. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fa7df37b · Dan Carpenter · Linus Torvalds · 6e466452 · fa7df37b
Commit fa7df37b authored Sep 05, 2013 by Dan Carpenter Committed by Linus Torvalds Sep 05, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/char/ipmi/ipmi_devintf.c drivers/char/ipmi/ipmi_devintf.c +1 -0

No files found.
--- a/drivers/char/ipmi/ipmi_devintf.c
+++ b/drivers/char/ipmi/ipmi_devintf.c
@@ -810,6 +810,7 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd,
 		struct ipmi_recv   __user *precv64;
 		struct ipmi_recv   recv64;

+		memset(&recv64, 0, sizeof(recv64));
 		if (get_compat_ipmi_recv(&recv64, compat_ptr(arg)))
 			return -EFAULT;