Re: [PATCH] drivers/usb/serial/mos*: prevent reading uninitializedstack memory

From: Alan Cox
Date: Thu Sep 16 2010 - 04:19:25 EST

Next message: Xin, Xiaohui: "RE: [RFC PATCH 2/2] macvtap: TX zero copy between guest and hostkernel"
Previous message: Robert Richter: "Re: [RFC 3/6] x86, NMI, Rename memory parity error to PCI SERRerror"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 15 Sep 2010 17:44:16 -0400
Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:

> The TIOCGICOUNT device ioctl in both mos7720.c and mos7840.c allows
> unprivileged users to read uninitialized stack memory, because the
> "reserved" member of the serial_icounter_struct struct declared on the
> stack is not altered or zeroed before being copied back to the user.
> This patch takes care of it.

ACK ... but this is the wrong way to fix these. We'll be squashing new
ones between here and eternity if we just stick memsets in. It wants
making a tty operation off the tty ioctl code so that there is one place
that clears it and copies it to the user.

I'll have a look at what is needed - I don't think very much.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Xin, Xiaohui: "RE: [RFC PATCH 2/2] macvtap: TX zero copy between guest and hostkernel"
Previous message: Robert Richter: "Re: [RFC 3/6] x86, NMI, Rename memory parity error to PCI SERRerror"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]