staging: dgrp: info leak in dgrp_dpa_ioctl()

If "nd->nd_vpd_len" is less than 512 then the last part of the "vpd.vpd_data" has uninitialized stack information. We need to clear it before copying the buffer to user space. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: dgrp: info leak in dgrp_dpa_ioctl()
If "nd->nd_vpd_len" is less than 512 then the last part of the "vpd.vpd_data" has uninitialized stack information. We need to clear it before copying the buffer to user space. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
eecb2629 · Dan Carpenter · Greg Kroah-Hartman · a4b47eea · eecb2629
Commit eecb2629 authored Apr 21, 2013 by Dan Carpenter Committed by Greg Kroah-Hartman Apr 22, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/staging/dgrp/dgrp_dpa_ops.c drivers/staging/dgrp/dgrp_dpa_ops.c +1 -0

No files found.
--- a/drivers/staging/dgrp/dgrp_dpa_ops.c
+++ b/drivers/staging/dgrp/dgrp_dpa_ops.c
@@ -432,6 +432,7 @@ static long dgrp_dpa_ioctl(struct file *file, unsigned int cmd,
 	case DIGI_GETVPD:
+		memset(&vpd, 0, sizeof(vpd));
 		if (nd->nd_vpd_len > 0) {
 			vpd.vpd_len = nd->nd_vpd_len;
 			memcpy(&vpd.vpd_data, &nd->nd_vpd, nd->nd_vpd_len);