| From foo@baz Thu Aug 24 17:49:47 PDT 2017 |
| From: Colin Ian King <colin.king@canonical.com> |
| Date: Thu, 17 Aug 2017 23:14:58 +0100 |
| Subject: irda: do not leak initialized list.dev to userspace |
| |
| From: Colin Ian King <colin.king@canonical.com> |
| |
| |
| [ Upstream commit b024d949a3c24255a7ef1a470420eb478949aa4c ] |
| |
| list.dev has not been initialized and so the copy_to_user is copying |
| data from the stack back to user space which is a potential |
| information leak. Fix this by ensuring all of list is initialized to |
| zero. |
| |
| Detected by CoverityScan, CID#1357894 ("Uninitialized scalar variable") |
| |
| Signed-off-by: Colin Ian King <colin.king@canonical.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/irda/af_irda.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/net/irda/af_irda.c |
| +++ b/net/irda/af_irda.c |
| @@ -2251,7 +2251,7 @@ static int irda_getsockopt(struct socket |
| { |
| struct sock *sk = sock->sk; |
| struct irda_sock *self = irda_sk(sk); |
| - struct irda_device_list list; |
| + struct irda_device_list list = { 0 }; |
| struct irda_device_info *discoveries; |
| struct irda_ias_set * ias_opt; /* IAS get/query params */ |
| struct ias_object * ias_obj; /* Object in IAS */ |
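
Review bot: the `= { 0 }` initializer on `struct irda_device_list list` zeroes every named member, but the C standard does not guarantee that padding bytes inside or after the members are cleared. Since the commit message says this object reaches user space through copy_to_user, any padding in struct irda_device_list could still carry stale stack bytes with some compilers or optimization levels. The struct layout and the length passed to copy_to_user are not visible in this hunk, so this may not apply here. If there is padding, an explicit `memset(&list, 0, sizeof(list));` before the first use would close the leak regardless of layout. A short comment at the declaration saying the zeroing exists because the struct is copied to user space would also help keep a later cleanup from dropping it.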