mirror of https://gitee.com/openkylin/linux.git
USB: usbfs: fix potential infoleak in devio
The stack object “ci” has a total size of 8 bytes. Its last 3 bytes are padding bytes which are not initialized and leaked to userland via “copy_to_user”. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
973986126a
commit
681fef8380
|
@ -1316,10 +1316,11 @@ static int proc_getdriver(struct usb_dev_state *ps, void __user *arg)
|
|||
|
||||
static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
|
||||
{
|
||||
struct usbdevfs_connectinfo ci = {
|
||||
.devnum = ps->dev->devnum,
|
||||
.slow = ps->dev->speed == USB_SPEED_LOW
|
||||
};
|
||||
struct usbdevfs_connectinfo ci;
|
||||
|
||||
memset(&ci, 0, sizeof(ci));
|
||||
ci.devnum = ps->dev->devnum;
|
||||
ci.slow = ps->dev->speed == USB_SPEED_LOW;
|
||||
|
||||
if (copy_to_user(arg, &ci, sizeof(ci)))
|
||||
return -EFAULT;
|
||||
|
|
Loading…
Reference in New Issue