Revision b4aaa78f4c2f9cde2f335b14f4ca30b01f9651ca authored by Dan Rosenberg on 15 September 2010, 23:08:24 UTC, committed by Florian Tobias Schandinat on 15 September 2010, 23:43:53 UTC
The VIAFB_GET_INFO device ioctl allows unprivileged users to read 246 bytes of uninitialized stack memory, because the "reserved" member of the viafb_ioctl_info struct declared on the stack is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
1 parent f270983
| File | Mode | Size |
|---|---|---|
| Kconfig | -rw-r--r-- | 2.5 KB |
| Kconfig.iosched | -rw-r--r-- | 1.8 KB |
| Makefile | -rw-r--r-- | 592 bytes |
| blk-barrier.c | -rw-r--r-- | 8.6 KB |
| blk-cgroup.c | -rw-r--r-- | 26.8 KB |
| blk-cgroup.h | -rw-r--r-- | 8.0 KB |
| blk-core.c | -rw-r--r-- | 67.8 KB |
| blk-exec.c | -rw-r--r-- | 2.6 KB |
| blk-integrity.c | -rw-r--r-- | 10.0 KB |
| blk-ioc.c | -rw-r--r-- | 3.9 KB |
| blk-iopoll.c | -rw-r--r-- | 5.9 KB |
| blk-lib.c | -rw-r--r-- | 5.3 KB |
| blk-map.c | -rw-r--r-- | 8.1 KB |
| blk-merge.c | -rw-r--r-- | 10.6 KB |
| blk-settings.c | -rw-r--r-- | 24.6 KB |
| blk-softirq.c | -rw-r--r-- | 4.1 KB |
| blk-sysfs.c | -rw-r--r-- | 13.8 KB |
| blk-tag.c | -rw-r--r-- | 9.9 KB |
| blk-timeout.c | -rw-r--r-- | 5.6 KB |
| blk.h | -rw-r--r-- | 4.5 KB |
| bsg.c | -rw-r--r-- | 23.5 KB |
| cfq-iosched.c | -rw-r--r-- | 101.5 KB |
| cfq.h | -rw-r--r-- | 3.6 KB |
| compat_ioctl.c | -rw-r--r-- | 22.1 KB |
| deadline-iosched.c | -rw-r--r-- | 11.4 KB |
| elevator.c | -rw-r--r-- | 24.8 KB |
| genhd.c | -rw-r--r-- | 29.9 KB |
| ioctl.c | -rw-r--r-- | 8.2 KB |
| noop-iosched.c | -rw-r--r-- | 2.6 KB |
| scsi_ioctl.c | -rw-r--r-- | 18.0 KB |
Computing file changes ...
