staging/dgnc: fix info leak in ioctl

commit 4b618433 upstream. The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of struct digi_dinfo after the ->dinfo_nboards member. Add an explicit memset(0) before filling the structure to avoid the info leak. Signed-off-by: Salva Peiró <speirofr@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reference: CVE-2015-7885 Signed-off-by: Kamal Mostafa <kamal@canonical.com>

staging/dgnc: fix info leak in ioctl
commit 4b618433 upstream. The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of struct digi_dinfo after the ->dinfo_nboards member. Add an explicit memset(0) before filling the structure to avoid the info leak. Signed-off-by: Salva Peiró <speirofr@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reference: CVE-2015-7885 Signed-off-by: Kamal Mostafa <kamal@canonical.com>
08ff7938 · Salva Peiró · Kamal Mostafa · 1f7cfc48 · 08ff7938
Commit 08ff7938 authored Oct 14, 2015 by Salva Peiró Committed by Kamal Mostafa Nov 12, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/staging/dgnc/dgnc_mgmt.c drivers/staging/dgnc/dgnc_mgmt.c +1 -0

No files found.
--- a/drivers/staging/dgnc/dgnc_mgmt.c
+++ b/drivers/staging/dgnc/dgnc_mgmt.c
@@ -133,6 +133,7 @@ long dgnc_mgmt_ioctl(struct file *file, unsigned int cmd, unsigned long arg)

 		spin_lock_irqsave(&dgnc_global_lock, flags);

+		memset(&ddi, 0, sizeof(ddi));
 		ddi.dinfo_nboards = dgnc_NumBoards;
 		sprintf(ddi.dinfo_version, "%s", DG_PART);