diff options
| author | Johan Hovold <johan@kernel.org> | 2019-10-23 10:27:05 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-11-12 19:20:45 +0100 |
| commit | a7be2debb769092c7c07b9a866b055d8bee5afaf (patch) | |
| tree | 15b173591b7cbf7d59865cc13ad4dfe8b8399ba7 /drivers/net | |
| parent | ce9b94da0e043b7b0ec1bd3d0e451d956acff9c1 (diff) | |
| download | linux-stable-a7be2debb769092c7c07b9a866b055d8bee5afaf.tar.gz linux-stable-a7be2debb769092c7c07b9a866b055d8bee5afaf.tar.bz2 linux-stable-a7be2debb769092c7c07b9a866b055d8bee5afaf.zip | |
can: peak_usb: fix slab info leak
commit f7a1337f0d29b98733c8824e165fca3371d7d4fd upstream.
Fix a small slab info leak due to a failure to clear the command buffer
at allocation.
The first 16 bytes of the command buffer are always sent to the device
in pcan_usb_send_cmd() even though only the first two may have been
initialised in case no argument payload is provided (e.g. when waiting
for a response).
Fixes: bb4785551f64 ("can: usb: PEAK-System Technik USB adapters driver core")
Cc: stable <stable@vger.kernel.org> # 3.4
Reported-by: syzbot+863724e7128e14b26732@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/net')
| -rw-r--r-- | drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_core.c b/drivers/net/can/usb/peak_usb/pcan_usb_core.c index 43b0fa2b9932..afc8d978124e 100644 --- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c +++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c @@ -758,7 +758,7 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter, dev = netdev_priv(netdev); /* allocate a buffer large enough to send commands */ - dev->cmd_buf = kmalloc(PCAN_USB_MAX_CMD_LEN, GFP_KERNEL); + dev->cmd_buf = kzalloc(PCAN_USB_MAX_CMD_LEN, GFP_KERNEL); if (!dev->cmd_buf) { err = -ENOMEM; goto lbl_free_candev; |