From: Peilin Ye
To: Stefan Richter
Cc: Peilin Ye, Dan Carpenter, Arnd Bergmann, Greg Kroah-Hartman, linux-kernel-mentees@lists.linuxfoundation.org, linux1394-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: [Linux-kernel-mentees] [PATCH] firewire: Prevent kernel-infoleak in ioctl_get_info()
Date: Mon, 27 Jul 2020 11:15:37 -0400
Message-Id: <20200727151537.315023-1-yepeilin.cs@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

ioctl_get_info() is copying uninitialized stack memory to userspace due to the compiler not initializing holes in statically allocated structures. Fix it by initializing `event` using memset() in fill_bus_reset_event().

Cc: stable@vger.kernel.org
Suggested-by: Dan Carpenter
Suggested-by: Arnd Bergmann
Signed-off-by: Peilin Ye

--- drivers/firewire/core-cdev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index fb6c651214f3..2341d762df5b 100644
--- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c @@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event, { struct fw_card *card = client->device->card; + memset(event, 0, sizeof(*event)); + spin_lock_irq(&card->lock); event->closure = client->bus_reset_closure; -- 2.25.1
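
Review bot: the memset() at the top of fill_bus_reset_event() clears the whole buffer the caller passes in, so every caller needs checking to confirm none of them sets a field of *event before calling this helper; any such value would now be silently zeroed before event->closure is assigned. Placing it before spin_lock_irq(&card->lock) is good, since it keeps the clear out of the locked region. On the documentation side, the message carries Cc: stable but no Fixes: tag, which makes the backport range harder to determine, and it would help to name the structure with the padding hole (struct fw_cdev_event_bus_reset) instead of "statically allocated structures", given that the same sentence describes the leaked bytes as stack memory.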