paride: fix potential information leak in pg_read()

Smatch has a new check for Rosenberg type information leaks where structs are copied to the user with uninitialized stack data in them. i In this case, the pg_write_hdr struct has a hole in it. struct pg_write_hdr { char magic; /* 0 1 */ char func; /* 1 1 */ /* XXX 2 bytes hole, try to pack */ int dlen; /* 4 4 */ Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Tim Waugh <tim@cyberelk.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jens Axboe <axboe@kernel.dk>

paride: fix potential information leak in pg_read()
Smatch has a new check for Rosenberg type information leaks where structs are copied to the user with uninitialized stack data in them. i In this case, the pg_write_hdr struct has a hole in it. struct pg_write_hdr { char magic; /* 0 1 */ char func; /* 1 1 */ /* XXX 2 bytes hole, try to pack */ int dlen; /* 4 4 */ Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Tim Waugh <tim@cyberelk.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jens Axboe <axboe@kernel.dk>
a2c2a0e6 · Dan Carpenter · Jens Axboe · 121f0994 · a2c2a0e6
Commit a2c2a0e6 authored Nov 16, 2011 by Dan Carpenter Committed by Jens Axboe Nov 16, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/block/paride/pg.c drivers/block/paride/pg.c +1 -0

No files found.
--- a/drivers/block/paride/pg.c
+++ b/drivers/block/paride/pg.c
@@ -630,6 +630,7 @@ static ssize_t pg_read(struct file *filp, char __user *buf, size_t count, loff_t
 		if (dev->status & 0x10)
 			return -ETIME;

+	memset(&hdr, 0, sizeof(hdr));
 	hdr.magic = PG_MAGIC;
 	hdr.dlen = dev->dlen;
 	copy = 0;