mwave: fix info leak in mwave_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 8 Jul 2013 23:01:27 +0000 (16:01 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 9 Jul 2013 17:33:28 +0000 (10:33 -0700)
Smatch complains that on 64 bit systems, there is a hole in the
MW_ABILITIES struct between ->component_count and ->component_list[].
It leaks stack information from the mwave_ioctl() function.

I've added a memset() to initialize the struct to zero.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Greg KH <greg@kroah.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/mwave/tp3780i.c

index c68969708068a0f8472b611af2bddb38a3411632..04e6d6a27994392f14e72aa1a45e0c8525fa52fb 100644 (file)
@@ -479,6 +479,7 @@ int tp3780I_QueryAbilities(THINKPAD_BD_DATA * pBDData, MW_ABILITIES * pAbilities
        PRINTK_2(TRACE_TP3780I,
                "tp3780i::tp3780I_QueryAbilities entry pBDData %p\n", pBDData);
 
+       memset(pAbilities, 0, sizeof(*pAbilities));
        /* fill out standard constant fields */
        pAbilities->instr_per_sec = pBDData->rDspSettings.uIps;
        pAbilities->data_size = pBDData->rDspSettings.uDStoreSize;