Revision b4aaa78f4c2f9cde2f335b14f4ca30b01f9651ca authored by Dan Rosenberg on 15 September 2010, 23:08:24 UTC, committed by Florian Tobias Schandinat on 15 September 2010, 23:43:53 UTC
The VIAFB_GET_INFO device ioctl allows unprivileged users to read 246 bytes of uninitialized stack memory, because the "reserved" member of the viafb_ioctl_info struct declared on the stack is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
1 parent f270983
File | Mode | Size |
---|---|---|
Kconfig | -rw-r--r-- | 2.5 KB |
Kconfig.iosched | -rw-r--r-- | 1.8 KB |
Makefile | -rw-r--r-- | 592 bytes |
blk-barrier.c | -rw-r--r-- | 8.6 KB |
blk-cgroup.c | -rw-r--r-- | 26.8 KB |
blk-cgroup.h | -rw-r--r-- | 8.0 KB |
blk-core.c | -rw-r--r-- | 67.8 KB |
blk-exec.c | -rw-r--r-- | 2.6 KB |
blk-integrity.c | -rw-r--r-- | 10.0 KB |
blk-ioc.c | -rw-r--r-- | 3.9 KB |
blk-iopoll.c | -rw-r--r-- | 5.9 KB |
blk-lib.c | -rw-r--r-- | 5.3 KB |
blk-map.c | -rw-r--r-- | 8.1 KB |
blk-merge.c | -rw-r--r-- | 10.6 KB |
blk-settings.c | -rw-r--r-- | 24.6 KB |
blk-softirq.c | -rw-r--r-- | 4.1 KB |
blk-sysfs.c | -rw-r--r-- | 13.8 KB |
blk-tag.c | -rw-r--r-- | 9.9 KB |
blk-timeout.c | -rw-r--r-- | 5.6 KB |
blk.h | -rw-r--r-- | 4.5 KB |
bsg.c | -rw-r--r-- | 23.5 KB |
cfq-iosched.c | -rw-r--r-- | 101.5 KB |
cfq.h | -rw-r--r-- | 3.6 KB |
compat_ioctl.c | -rw-r--r-- | 22.1 KB |
deadline-iosched.c | -rw-r--r-- | 11.4 KB |
elevator.c | -rw-r--r-- | 24.8 KB |
genhd.c | -rw-r--r-- | 29.9 KB |
ioctl.c | -rw-r--r-- | 8.2 KB |
noop-iosched.c | -rw-r--r-- | 2.6 KB |
scsi_ioctl.c | -rw-r--r-- | 18.0 KB |
Computing file changes ...