Acked-by: Andy Walls <awa...@md.metrocast.net> By tomorrow evening I'll put this in my repo and ask for Mauro to pull it.
Regards, Andy Dan Rosenberg <drosenb...@vsecurity.com> wrote: >The FBIOGET_VBLANK device ioctl allows unprivileged users to read 16 >bytes of uninitialized stack memory, because the "reserved" member of >the fb_vblank struct declared on the stack is not altered or zeroed >before being copied back to the user. This patch takes care of it. > >Signed-off-by: Dan Rosenberg <dan.j.rosenb...@gmail.com> > >--- linux-2.6.35.4.orig/drivers/media/video/ivtv/ivtvfb.c 2010-08-26 >19:47:12.000000000 -0400 >+++ linux-2.6.35.4/drivers/media/video/ivtv/ivtvfb.c 2010-09-15 >14:16:46.797375399 -0400 >@@ -458,6 +458,8 @@ static int ivtvfb_ioctl(struct fb_info * > struct fb_vblank vblank; > u32 trace; > >+ memset(&vblank, 0, sizeof(struct fb_vblank)); >+ > vblank.flags = FB_VBLANK_HAVE_COUNT > |FB_VBLANK_HAVE_VCOUNT | > FB_VBLANK_HAVE_VSYNC; > trace = read_reg(IVTV_REG_DEC_LINE_FIELD) >> 16; > > > >
