• Dan Carpenter's avatar
    HID: hiddev: potential info leak in hiddev_ioctl() · 9561f7fa
    Dan Carpenter authored
    Smatch has a new check for Rosenberg type information leaks where
    structs are copied to the user with uninitialized stack data in them.
    
    In this case, the hiddev_devinfo struct has a two byte hole.
    
    struct hiddev_devinfo {
            __u32                      bustype;              /*     0     4 */
            __u32                      busnum;               /*     4     4 */
            __u32                      devnum;               /*     8     4 */
            __u32                      ifnum;                /*    12     4 */
            __s16                      vendor;               /*    16     2 */
            __s16                      product;              /*    18     2 */
            __s16                      version;              /*    20     2 */
    
            /* XXX 2 bytes hole, try to pack */
    
            __u32                      num_applications;     /*    24     4 */
    Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
    9561f7fa
hiddev.c 22.2 KB