Commit b9b11342 authored by Vasiliy Kulikov's avatar Vasiliy Kulikov Committed by Linus Torvalds

drivers/char/ppdev.c: fix information leak to userland

Structure par_timeout is copied to userland with some padding fields
unitialized.  Field tv_usec has type __kernel_suseconds_t, it differs from
tv_sec's type on some architectures.  It leads to leaking of stack memory.
Signed-off-by: default avatarVasiliy Kulikov <segooon@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 19714a8a
...@@ -613,6 +613,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ...@@ -613,6 +613,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
case PPGETTIME: case PPGETTIME:
to_jiffies = pp->pdev->timeout; to_jiffies = pp->pdev->timeout;
memset(&par_timeout, 0, sizeof(par_timeout));
par_timeout.tv_sec = to_jiffies / HZ; par_timeout.tv_sec = to_jiffies / HZ;
par_timeout.tv_usec = (to_jiffies % (long)HZ) * (1000000/HZ); par_timeout.tv_usec = (to_jiffies % (long)HZ) * (1000000/HZ);
if (copy_to_user (argp, &par_timeout, sizeof(struct timeval))) if (copy_to_user (argp, &par_timeout, sizeof(struct timeval)))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment