DivestOS/Patches/Linux_CVEs/CVE-2014-9895/ANY/1.patch

37 lines
1.4 KiB
Diff
Raw Normal View History

From c88e739b1fad662240e99ecbd0bdaac871717987 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Sat, 13 Apr 2013 06:32:15 -0300
Subject: [PATCH] [media] media: info leak in __media_device_enum_links()
These structs have holes and reserved struct members which aren't
cleared. I've added a memset() so we don't leak stack information.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
---
drivers/media/media-device.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
index 1957c0df08fdb..d5a7a135f75d3 100644
--- a/drivers/media/media-device.c
+++ b/drivers/media/media-device.c
@@ -142,6 +142,8 @@ static long __media_device_enum_links(struct media_device *mdev,
for (p = 0; p < entity->num_pads; p++) {
struct media_pad_desc pad;
+
+ memset(&pad, 0, sizeof(pad));
media_device_kpad_to_upad(&entity->pads[p], &pad);
if (copy_to_user(&links->pads[p], &pad, sizeof(pad)))
return -EFAULT;
@@ -159,6 +161,7 @@ static long __media_device_enum_links(struct media_device *mdev,
if (entity->links[l].source->entity != entity)
continue;
+ memset(&link, 0, sizeof(link));
media_device_kpad_to_upad(entity->links[l].source,
&link.source);
media_device_kpad_to_upad(entity->links[l].sink,