tty: rocket: Remove RCPK_GET_STRUCT ioctl

If the cmd is RCPK_GET_STRUCT, copy_to_user will copy
info to user space. As info->port.ops is the address of
a constant object rocket_port_ops (assigned in init_r_port),
a kernel address leakage happens.

Remove the RCPK_GET_STRUCT ioctl.

Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fuqian Huang 2019-04-18 12:35:57 +08:00 committed by Greg Kroah-Hartman
parent 8daa89e099
commit 29973f8a88
2 changed files with 0 additions and 5 deletions

@ -1283,10 +1283,6 @@ static int rp_ioctl(struct tty_struct *tty,
return -ENXIO;
switch (cmd) {
case RCKP_GET_STRUCT:
if (copy_to_user(argp, info, sizeof (struct r_port)))
ret = -EFAULT;
break;
case RCKP_GET_CONFIG:
ret = get_config(info, argp);
break;
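
Review bot: in rp_ioctl, the removed RCKP_GET_STRUCT case copied sizeof (struct r_port) bytes of info to argp, so the exposure was the entire in-kernel structure and not only the info->port.ops pointer named in the commit message; the message should say so, since it affects how the leak is rated. With the case gone, cmd 0x00525001 falls through to whatever the switch's default branch does, which this hunk does not show: confirm it returns an error such as -ENOIOCTLCMD rather than leaving ret at a success value. The surviving RCKP_GET_CONFIG path hands info to get_config(), which is worth checking for the same pattern of copying a kernel-internal struct wholesale.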

@ -71,7 +71,6 @@ struct rocket_version {
/*
* Rocketport ioctls -- "RP"
*/
#define RCKP_GET_STRUCT 0x00525001
#define RCKP_GET_CONFIG 0x00525002
#define RCKP_SET_CONFIG 0x00525003
#define RCKP_GET_PORTS 0x00525004
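
Review bot: dropping the RCKP_GET_STRUCT define from the "Rocketport ioctls" list removes a name that user-space programs built against this header may reference, so they will stop compiling; if that is intended, say so in the commit message, otherwise keep the number reserved with a comment such as "0x00525001 was RCKP_GET_STRUCT, removed, do not reuse" so a later ioctl is not assigned the same value. The subject line and body spell the name RCPK_GET_STRUCT while the define is RCKP_GET_STRUCT, which makes the commit harder to find by grep.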