Google Git
Sign in
kernel / pub / scm / linux / kernel / git / jh / wireless / refs/tags/master-2010-09-20
commitdf6d02300f7c2fbd0fbe626d819c8e5237d72c62[log] [tgz]
authorJohannes Berg <johannes.berg@intel.com>Fri Sep 17 00:38:25 2010 +0200
committerJohn W. Linville <linville@tuxdriver.com>Mon Sep 20 13:41:40 2010 -0400
tree7f0eadba6ca9d0cc19b26dc82ec61bc8df4c9fe2
parent7acc7c683a747689aaaaad4fce1683fc3f85e552 [diff]
wext: fix potential private ioctl memory content leak

When a driver doesn't fill the entire buffer, old
heap contents may remain, and if it also doesn't
update the length properly, this old heap content
will be copied back to userspace.

It is very unlikely that this happens in any of
the drivers using private ioctls since it would
show up as junk being reported by iwpriv, but it
seems better to be safe here, so use kzalloc.

Reported-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
1 file changed
tree: 7f0eadba6ca9d0cc19b26dc82ec61bc8df4c9fe2
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS