Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp4181624ybt;
        Sun, 5 Jul 2020 20:29:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy/iI9+cSEGjPz1dHLXdbZ3HCkA8biXeTpbWzdvF1ky9jWkVN48PHHKiT2Seyv/sjCPd7qY
X-Received: by 2002:a05:6402:202a:: with SMTP id ay10mr55554151edb.0.1594006163435;
        Sun, 05 Jul 2020 20:29:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1594006163; cv=none;
        d=google.com; s=arc-20160816;
        b=u0N+rvgjxiCxwo2W8AvVsLzZloumYk266iaqfiqTT0Dciz1n1Eso8I734Yjaiof85n
         be4VBVXIeCjiPycQiU7ld0E0AJW2PkLHQXo3mE4hHCl85/2va4zO/CTejv8udCjd8MlK
         Sl+6GC7EjAqpaWKgDzi9opdn1W2YYUU2chjO10HGmJFt/v70pMm1bKbItK+3l4yU9H0u
         0EqvOcKp6c9yIOoEJ7eXjhCemlaSm7R8WSSaMReo8Ww7rVzy+TRuUeEzfYGBwPb6cKpl
         xwfMMKUr6FNfNXJ57QXzzV3SFy8z/vl1PkV3gZEvRZiFHelQhyCoMmEUBMCh0+cYCXA0
         LHMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:to:from:dkim-signature;
        bh=5yazTdyA3YxMPgoBpYzzCyqT8fJEoy7VrCOXLHWeXI8=;
        b=L0EaF/HlYEldTGAKvb+aGBDUUyNDwzQ5aJBQ392ZJ1oOKCt+R2SWwKWdfNL9fjK8Xj
         CSYSQ1M0SBKh4BVgOhkBR88WohM/LEC4YLvd738qmVDfVFbBE2H9SQ6MoJCRrX0HOqU1
         H4lSV080Qus4xRnTTH69WzSYDKXEywlqgdyF0SSciCm0XyVrDnTU08y3Thi8b64q/Ypt
         f1hfVlHV1Tv4pRJewHRSU0TYVdG3Spuj1x7JBvJO5DTHuQqaQPc7zHFT1RkzvGfILKBp
         hDXUm+o0qKteM2d09zhj8cfas706qA7XkXlJmvkX14hzYT9r3O1RYNvPNVATyYzJC3lK
         oShw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=XdrQDrDD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id e6si12455492ejt.528.2020.07.05.20.29.00;
        Sun, 05 Jul 2020 20:29:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=XdrQDrDD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728700AbgGFD2l (ORCPT <rfc822;zoe.song.ucas@gmail.com>
        + 99 others); Sun, 5 Jul 2020 23:28:41 -0400
Received: from mail-m972.mail.163.com ([123.126.97.2]:50154 "EHLO
        mail-m972.mail.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728634AbgGFD2l (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 5 Jul 2020 23:28:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
        s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=5yazT
        dyA3YxMPgoBpYzzCyqT8fJEoy7VrCOXLHWeXI8=; b=XdrQDrDDQoHy04HdxYZxj
        h3KjGArTII3jkEehfkOKhLmlREGMWNGvTeO5+jV64xvkcLfmvFxWAzwZeH4qkpeZ
        PrxA6H4qj7dMX1PKcoeWBfjUrQzCwWiZLQAPWqCJk8D6+pB6B5zCWaSF55gNp7Zp
        D+xs/Yq1p/8GgVurTtRZqU=
Received: from ubuntu.localdomain (unknown [182.113.175.219])
        by smtp2 (Coremail) with SMTP id GtxpCgC3GA8rmgJfecIjDg--.165S3;
        Mon, 06 Jul 2020 11:27:44 +0800 (CST)
From:   Xidong Wang <wangxidong_97@163.com>
To:     Xidong Wang <wangxidong_97@163.com>,
        Jaroslav Kysela <perex@perex.cz>,
        Takashi Iwai <tiwai@suse.com>, alsa-devel@alsa-project.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] ALSA: opl3: fix infoleak in opl3
Date:   Sun,  5 Jul 2020 20:27:38 -0700
Message-Id: <1594006058-30362-1-git-send-email-wangxidong_97@163.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-CM-TRANSID: GtxpCgC3GA8rmgJfecIjDg--.165S3
X-Coremail-Antispam: 1Uf129KBjvdXoW7XFy7ZFy8tF4UtF4kAr45Awb_yoW3Krg_C3
        4Fqrn7Zryrurn2yr4ayFW3ZrZrKasrZw1vqF42vry3J3sa9ryavr1kZryxWF1UJFs7WF43
        Z3savr48AF98JjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
        9fnUUvcSsGvfC2KfnxnUUI43ZEXa7xRic_-PUUUUU==
X-Originating-IP: [182.113.175.219]
X-CM-SenderInfo: pzdqw5xlgr0wrbzxqiywtou0bp/1tbiyBBZ81p7AiB0FQAAsQ
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: xidongwang <wangxidong_97@163.com>

The stack object “info” in snd_opl3_ioctl() has a leaking problem.
It has 2 padding bytes which are not initialized and leaked via
“copy_to_user”.

Signed-off-by: xidongwang <wangxidong_97@163.com>
---
 sound/drivers/opl3/opl3_synth.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/drivers/opl3/opl3_synth.c b/sound/drivers/opl3/opl3_synth.c
index e69a4ef..08c10ac 100644
--- a/sound/drivers/opl3/opl3_synth.c
+++ b/sound/drivers/opl3/opl3_synth.c
@@ -91,6 +91,8 @@ int snd_opl3_ioctl(struct snd_hwdep * hw, struct file *file,
 		{
 			struct snd_dm_fm_info info;
 
+			memset(&info, 0, sizeof(info));
+
 			info.fm_mode = opl3->fm_mode;
 			info.rhythm = opl3->rhythm;
 			if (copy_to_user(argp, &info, sizeof(struct snd_dm_fm_info)))
-- 
2.7.4