Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

usb: misc: iowarrior: fix information leak to userland

Structure iowarrior_info is copied to userland with padding bytes
between "serial" and "revision" fields uninitialized. It leads to
leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Cc: stable <stable@kernel.org>
Acked-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Authored by Vasiliy Kulikov and committed by Greg Kroah-Hartman
eca67aae 5dc92cf1

+1
+1
drivers/usb/misc/iowarrior.c
··· 553 553 /* needed for power consumption */ 554 554 struct usb_config_descriptor *cfg_descriptor = &dev->udev->actconfig->desc; 555 555 556 + memset(&info, 0, sizeof(info)); 556 557 /* directly from the descriptor */ 557 558 info.vendor = le16_to_cpu(dev->udev->descriptor.idVendor); 558 559 info.product = dev->product_id;
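
Review bot: The memset() added at new line 556 has no comment, and because the lines right after it assign info's fields individually (info.vendor, info.product), it reads as redundant and could be dropped in a later cleanup. A one-line comment above it, for example /* clear padding so no kernel stack bytes are copied to userland */, would record that it exists for the padding between "serial" and "revision" named in the commit message. It would also help to leave a blank line between the memset and the /* directly from the descriptor */ comment, since that comment describes the assignments and not the zeroing.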