block: cciss: fix information leak to userland
authorVasiliy Kulikov <segooon@gmail.com>
Thu, 28 Oct 2010 12:31:55 +0000 (06:31 -0600)
committerJens Axboe <jaxboe@fusionio.com>
Thu, 28 Oct 2010 12:31:55 +0000 (06:31 -0600)
Structure IOCTL_Command_struct is copied to userland with
some padding fields at the end of the struct unitialized.
It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
drivers/block/cciss.c

index f09e6df15aa7f8e9c6f5842920e43eee3819f21b..13d87a031c88fc6ec76b82b335d79aef1341543c 100644 (file)
@@ -1184,6 +1184,7 @@ static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
        int err;
        u32 cp;
 
+       memset(&arg64, 0, sizeof(arg64));
        err = 0;
        err |=
            copy_from_user(&arg64.LUN_info, &arg32->LUN_info,