Struct dm_ioctl has some padding/data that is not explicitly cleared
before copying to user. This can cause kernel stack contents to be
leaked to user space.

Cc: [email protected]
Signed-off-by: Adrian Salido <[email protected]>
---
 drivers/md/dm-ioctl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index 4da6fc6b1ffd..07627062faae 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1835,6 +1835,7 @@ static int ctl_ioctl(uint command, struct dm_ioctl __user 
*user)
                return -ENOTTY;
        }
 
+       memset(&param_kernel, 0, sizeof(param_kernel));
        /*
         * Copy the parameters into kernel space.
         */
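Review bot: the memset() added just above the "Copy the parameters into kernel space" comment carries no explanation of why param_kernel has to be zeroed when the very next step fills it from user space, so a later cleanup could drop it as redundant. A one-line comment stating that the copy-in does not overwrite the whole struct, and that the remainder would otherwise reach user space as stale stack contents, would protect the fix. A blank line between the memset() and the comment block would also keep the comment attached to the copy it describes. The commit message says only "some padding/data"; naming the fields or padding that stay uninitialized would let reviewers confirm that zeroing at this point covers every path that copies the struct back to the caller.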
-- 
2.13.0.rc0.306.g87b477812d-goog

--
dm-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/dm-devel
