Commit 938abd84 authored by Vasiliy Kulikov's avatar Vasiliy Kulikov Committed by James Bottomley

[SCSI] hpsa: avoid leaking stack contents to userland

memset arg64 to zero in the passthrough ioctls to avoid leaking contents
of kernel stack memory to userland via uninitialized padding fields
inserted by the compiler for alignment reasons.
Signed-off-by: default avatarStephen M. Cameron <scameron@beardog.cce.hp.com>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
parent 1d5e2ed0
...@@ -2310,6 +2310,7 @@ static int hpsa_ioctl32_passthru(struct scsi_device *dev, int cmd, void *arg) ...@@ -2310,6 +2310,7 @@ static int hpsa_ioctl32_passthru(struct scsi_device *dev, int cmd, void *arg)
int err; int err;
u32 cp; u32 cp;
memset(&arg64, 0, sizeof(arg64));
err = 0; err = 0;
err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
sizeof(arg64.LUN_info)); sizeof(arg64.LUN_info));
...@@ -2346,6 +2347,7 @@ static int hpsa_ioctl32_big_passthru(struct scsi_device *dev, ...@@ -2346,6 +2347,7 @@ static int hpsa_ioctl32_big_passthru(struct scsi_device *dev,
int err; int err;
u32 cp; u32 cp;
memset(&arg64, 0, sizeof(arg64));
err = 0; err = 0;
err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
sizeof(arg64.LUN_info)); sizeof(arg64.LUN_info));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment