| From e12d496bea515723d116b884f824387dd85cfdf4 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 4 Dec 2019 16:50:53 -0800 |
| Subject: kernel/sys.c: avoid copying possible padding bytes in copy_to_user |
| |
| From: Joe Perches <joe@perches.com> |
| |
| [ Upstream commit 5e1aada08cd19ea652b2d32a250501d09b02ff2e ] |
| |
| Initialization is not guaranteed to zero padding bytes so use an |
| explicit memset instead to avoid leaking any kernel content in any |
| possible padding bytes. |
| |
| Link: http://lkml.kernel.org/r/dfa331c00881d61c8ee51577a082d8bebd61805c.camel@perches.com |
| Signed-off-by: Joe Perches <joe@perches.com> |
| Cc: Dan Carpenter <error27@gmail.com> |
| Cc: Julia Lawall <julia.lawall@lip6.fr> |
| Cc: Thomas Gleixner <tglx@linutronix.de> |
| Cc: Kees Cook <keescook@chromium.org> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| kernel/sys.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| diff --git a/kernel/sys.c b/kernel/sys.c |
| index a611d1d58c7d0..3459a5ce0da01 100644 |
| --- a/kernel/sys.c |
| +++ b/kernel/sys.c |
| @@ -1279,11 +1279,13 @@ SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) |
| |
| SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) |
| { |
| - struct oldold_utsname tmp = {}; |
| + struct oldold_utsname tmp; |
| |
| if (!name) |
| return -EFAULT; |
| |
| + memset(&tmp, 0, sizeof(tmp)); |
| + |
| down_read(&uts_sem); |
| memcpy(&tmp.sysname, &utsname()->sysname, __OLD_UTS_LEN); |
| memcpy(&tmp.nodename, &utsname()->nodename, __OLD_UTS_LEN); |
| -- |
| 2.25.1 |
| |
