diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-09-09 08:54:47 +0200 |
|---|---|---|
| committer | Martin K. Petersen <martin.petersen@oracle.com> | 2022-09-25 14:15:03 -0400 |
| commit | 6022f210461fef67e6e676fd8544ca02d1bcfa7a (patch) | |
| tree | d334e4da26edc6f9681f97957862fc814a813bdb /drivers/scsi | |
| parent | f616efbee9d64cbd3b7b955914fea01cbdd95710 (diff) | |
| download | linux-stable-6022f210461fef67e6e676fd8544ca02d1bcfa7a.tar.gz linux-stable-6022f210461fef67e6e676fd8544ca02d1bcfa7a.tar.bz2 linux-stable-6022f210461fef67e6e676fd8544ca02d1bcfa7a.zip | |
scsi: stex: Properly zero out the passthrough command structure
The passthrough structure is declared off of the stack, so it needs to be
set to zero before copied back to userspace to prevent any unintentional
data leakage. Switch things to be statically allocated which will fill the
unused fields with 0 automatically.
Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com
Cc: stable@kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: hdthky <hdthky0@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi')
| -rw-r--r-- | drivers/scsi/stex.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/drivers/scsi/stex.c b/drivers/scsi/stex.c index e6420f2127ce..8def242675ef 100644 --- a/drivers/scsi/stex.c +++ b/drivers/scsi/stex.c @@ -665,16 +665,17 @@ static int stex_queuecommand_lck(struct scsi_cmnd *cmd) return 0; case PASSTHRU_CMD: if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) { - struct st_drvver ver; + const struct st_drvver ver = { + .major = ST_VER_MAJOR, + .minor = ST_VER_MINOR, + .oem = ST_OEM, + .build = ST_BUILD_VER, + .signature[0] = PASSTHRU_SIGNATURE, + .console_id = host->max_id - 1, + .host_no = hba->host->host_no, + }; size_t cp_len = sizeof(ver); - ver.major = ST_VER_MAJOR; - ver.minor = ST_VER_MINOR; - ver.oem = ST_OEM; - ver.build = ST_BUILD_VER; - ver.signature[0] = PASSTHRU_SIGNATURE; - ver.console_id = host->max_id - 1; - ver.host_no = hba->host->host_no; cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len); if (sizeof(ver) == cp_len) cmd->result = DID_OK << 16; |