Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1771133imm; Thu, 27 Sep 2018 02:10:31 -0700 (PDT) X-Google-Smtp-Source: ACcGV63vzbDzL2xMJi2oj51IlEQK/3tFebaGqHq4A4J78mQRHndK+gMh9YLwKWkbrgTtnHV8VGXO X-Received: by 2002:a62:48ce:: with SMTP id q75-v6mr10521444pfi.22.1538039431272; Thu, 27 Sep 2018 02:10:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538039431; cv=none; d=google.com; s=arc-20160816; b=WwB1zntcvqH1wNgUbpNzQXW4d5RwQRCn3vzeKQYDLkfc1O1pk9PKkIHpC3y/FMCDOP WBCBH22CztamvkfmFxoSrA3VYWUb3EPCtpRvodyx7BBsRgPRGvtIBx8BCyL1seaOyla3 8g3BqRihpDEADP6XwIX6mtyxc+7nqtfjK2ioZlkCtwNnUqyFA0CjnqcivvC31JsBoiJB v4UvQm/RwMD9YHevnwj80U8oPqkn6XBNCto4b/71KrDAzWMsVk07Qmr9i5Q0DYRVvPMU ZbthlYRuZaTuhBgKNRLIK0p6WzjfZz3VkH5rUnqc8HKr75xB3gpduJ84pVUQ1jS4C9sF gObA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=Y9YHWyckN+g76U2thePixdSLMn4nTMUFIT+gYJRkBMU=; b=cvTRwNr+HDYJw9MBqWIgyCjtpQ1eJ+vJKkVag4V6KFZUWwe7Z44ohBJbPTh3C7Q2Vd pmK1y3OicQz4jhVfiDq3KvAIDCWaAQh09kKM3+Ko50TYdmUJSpy2CNm/Gft07XhdevYZ 4yH1EYmENthE5ZGKLLpVEYeg9O3RHLLyLeDaFN9QbaGcqorxjdtpAfDD1E5L6ZaFrnNZ Biv2rJATXJieK13RIpktUZxpMwS/eRR/yp+l8gz3oQQ4DJQeBTdZKOa6AX0QSSQqa81l ApHuF/jxmzFnj6gbyz/v9uhg0JX67QMZdZyFtfUseMWUPAe2ZInyAuja+DpGsufPYaoo 6nxw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l185-v6si1532466pgl.270.2018.09.27.02.10.16; Thu, 27 Sep 2018 02:10:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728263AbeI0P0i (ORCPT + 99 others); Thu, 27 Sep 2018 11:26:38 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:55048 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727562AbeI0P0h (ORCPT ); Thu, 27 Sep 2018 11:26:37 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 7D23810A4; Thu, 27 Sep 2018 09:09:22 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Willy Tarreau , Jann Horn , Takashi Iwai Subject: [PATCH 4.18 32/88] ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO Date: Thu, 27 Sep 2018 11:03:13 +0200 Message-Id: <20180927090304.470771300@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180927090300.631426620@linuxfoundation.org> References: <20180927090300.631426620@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Willy Tarreau commit 49434c6c575d2008c0abbc93e615019f39e01252 upstream. snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates memory using kmalloc() and partially fills it by calling snd_emu10k1_fx8010_info() before returning the resulting structure to userspace, leaving uninitialized holes. Let's just use kzalloc() here. BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html Signed-off-by: Willy Tarreau Cc: Jann Horn Cc: Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/pci/emu10k1/emufx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/pci/emu10k1/emufx.c +++ b/sound/pci/emu10k1/emufx.c @@ -2540,7 +2540,7 @@ static int snd_emu10k1_fx8010_ioctl(stru emu->support_tlv = 1; return put_user(SNDRV_EMU10K1_VERSION, (int __user *)argp); case SNDRV_EMU10K1_IOCTL_INFO: - info = kmalloc(sizeof(*info), GFP_KERNEL); + info = kzalloc(sizeof(*info), GFP_KERNEL); if (!info) return -ENOMEM; snd_emu10k1_fx8010_info(emu, info);