USB: usbtmc: prevent kernel-usb-infoleak

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The syzbot reported a kernel-usb-infoleak in usbtmc_write,
we need to clear the structure before filling fields.

Fixes: 4ddc645f40e9 ("usb: usbtmc: Add ioctl for vendor specific write")
Reported-and-tested-by: syzbot+9d34f80f841e948c3fdb@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9d34f80f841e948c3fdb
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/tencent_9649AA6EC56EDECCA8A7D106C792D1C66B06@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Edward Adam Davis and committed by

Greg Kroah-Hartman 2 years ago 625fa771 0088d758

+1 -1

1 changed file

expand all

drivers

usb

class

usbtmc.c

+1 -1

drivers/usb/class/usbtmc.c

··· 754 754 if (!urb) 755 755 return NULL; 756 756 757 - dmabuf = kmalloc(bufsize, GFP_KERNEL); 757 + dmabuf = kzalloc(bufsize, GFP_KERNEL); 758 758 if (!dmabuf) { 759 759 usb_free_urb(urb); 760 760 return NULL;