Hello Colin,
> -----Original Message----- > From: Colin King [mailto:colin.k...@canonical.com] > Sent: Tuesday, February 7, 2017 5:55 AM > To: dl-esc-Aacraid Linux Driver <aacr...@microsemi.com>; James E . J . > Bottomley <j...@linux.vnet.ibm.com>; Martin K . Petersen > <martin.peter...@oracle.com>; linux-scsi@vger.kernel.org > Cc: kernel-janit...@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: [PATCH] scsi: aacraid: fix information leak on hbainfo.driver_name > > EXTERNAL EMAIL > > > From: Colin Ian King <colin.k...@canonical.com> > > The driver_name field is not initialized and hence information > on the stack is being leaked to userspace on the copy_to_user. > Fix this. I am curious, do you mean that the user will be able to retrieve garbage stack values from the variables that were not set (driver_name etc)? . If so how is it a security threat? Regards, Raghava Aditya > Signed-off-by: Colin Ian King <colin.k...@canonical.com> > --- > drivers/scsi/aacraid/commctrl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c > index 614842a..eb48d0a 100644 > --- a/drivers/scsi/aacraid/commctrl.c > +++ b/drivers/scsi/aacraid/commctrl.c > @@ -1015,7 +1015,7 @@ static int aac_get_pci_info(struct aac_dev* dev, > void __user *arg) > > static int aac_get_hba_info(struct aac_dev *dev, void __user *arg) > { > - struct aac_hba_info hbainfo; > + struct aac_hba_info hbainfo = { 0 }; > > hbainfo.adapter_number = (u8) dev->id; > hbainfo.system_io_bus_number = dev->pdev->bus->number; > -- > 2.10.2
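Review bot: In aac_get_hba_info(), the `= { 0 }` initialiser on hbainfo zeroes the named members, but C does not guarantee that it also clears any padding bytes between them. Since the commit message says this struct is handed to copy_to_user, an explicit memset(&hbainfo, 0, sizeof(hbainfo)) ahead of the field assignments would cover padding as well, if struct aac_hba_info has any. The commit message would also be clearer if it said which fields besides driver_name are left unset, so the reader can see that zeroing the whole struct is deliberate rather than a shortcut.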
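The leak described in the quoted commit message, as an added example that is not part of the original thread or of the aacraid driver. It is a user-space model of a stack slot that is partly assigned and then copied out whole. Assumptions: `struct demo_hba_info`, its `vendor_id` field, all field sizes, the `STALE` marker and the sample values are constructed here, and `memcpy` stands in for `copy_to_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for old stack contents */

/* Hypothetical layout: adapter_number, system_io_bus_number and driver_name
 * are named in the thread; vendor_id and all sizes are assumptions. */
struct demo_hba_info {
    uint8_t  adapter_number;
    uint8_t  system_io_bus_number;
    uint32_t vendor_id;        /* assumed field; its alignment creates padding */
    char     driver_name[16];  /* never assigned by the handler */
};

/* Model the handler: the stack slot starts with stale bytes, some fields are
 * assigned, then the whole struct is copied out. Returns how many bytes of
 * the outgoing buffer still carry stale data. */
static size_t stale_bytes_copied_out(int zero_first)
{
    unsigned char slot[sizeof(struct demo_hba_info)]; /* the stack slot */
    unsigned char out[sizeof(slot)];                  /* "userspace" buffer */
    uint32_t vendor = 0x9005;                         /* constructed value */
    size_t i, stale = 0;

    memset(slot, STALE, sizeof(slot));   /* whatever a previous call left */
    if (zero_first)
        memset(slot, 0, sizeof(slot));   /* clears fields and padding */

    /* Field stores done bytewise so padding stays exactly as it was. */
    slot[offsetof(struct demo_hba_info, adapter_number)] = 3;
    slot[offsetof(struct demo_hba_info, system_io_bus_number)] = 0x1b;
    memcpy(slot + offsetof(struct demo_hba_info, vendor_id), &vendor, sizeof(vendor));

    memcpy(out, slot, sizeof(out));      /* stand-in for copy_to_user() */
    for (i = 0; i < sizeof(out); i++)
        stale += (out[i] == STALE);
    return stale;
}

int main(void)
{
    printf("struct size: %zu bytes\n", sizeof(struct demo_hba_info));
    printf("stale bytes copied out, uninitialised: %zu\n", stale_bytes_copied_out(0));
    printf("stale bytes copied out, zeroed first:  %zu\n", stale_bytes_copied_out(1));
    return 0;
}
```

In the kernel the stale bytes are whatever earlier kernel code left in that stack slot, which is why a whole-struct copy of a partly assigned struct is treated as an information leak.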