staging: alarm-dev: information leak in alarm_compat_ioctl()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If we pass an invalid clock type then "ts" is never set. We need to
check for errors earlier, otherwise we end up passing uninitialized
stack data to userspace.

Reported-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Dan Carpenter and committed by

Greg Kroah-Hartman 13 years ago 60bba385 e919b86c

+3 -1

1 changed file

expand all

drivers

staging

android

alarm-dev.c

+3 -1

drivers/staging/android/alarm-dev.c

··· 297 297 } 298 298 299 299 rv = alarm_do_ioctl(file, cmd, &ts); 300 + if (rv) 301 + return rv; 300 302 301 303 switch (ANDROID_ALARM_BASE_CMD(cmd)) { 302 304 case ANDROID_ALARM_GET_TIME(0): /* NOTE: we modified cmd above */ ··· 307 305 break; 308 306 } 309 307 310 - return rv; 308 + return 0; 311 309 } 312 310 #endif 313 311