summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalva Peiró <speiro@ai2.upv.es>2014-03-11 19:31:23 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-03-17 16:13:23 -0700
commitb19a47e0603ef89c4179e6e48f6dd1ccc7fa3a7c (patch)
tree3f78e027e478b1cbb48e7a3135352e1c8ce91bd2
parentebade5e833eda30f648d9bf4954f7d47a920b60f (diff)
downloadlinux-b19a47e0603ef89c4179e6e48f6dd1ccc7fa3a7c.tar.gz
linux-b19a47e0603ef89c4179e6e48f6dd1ccc7fa3a7c.tar.bz2
linux-b19a47e0603ef89c4179e6e48f6dd1ccc7fa3a7c.zip
synclink: fix info leak in ioctl
The hdlcdev_ioctl() code fails to initialize the two padding bytes of struct sync_serial_settings after the ->loopback member. Add an explicit memset(0) before filling the structure to avoid the info leak. Signed-off-by: Salva Peiró <speiro@ai2.upv.es> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/tty/synclink.c1
-rw-r--r--drivers/tty/synclinkmp.c1
2 files changed, 2 insertions, 0 deletions
diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c
index 5ae14b46cce0..d48e040cd8c5 100644
--- a/drivers/tty/synclink.c
+++ b/drivers/tty/synclink.c
@@ -7866,6 +7866,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
HDLC_FLAG_TXC_TXCPIN | HDLC_FLAG_TXC_DPLL |
HDLC_FLAG_TXC_BRG | HDLC_FLAG_TXC_RXCPIN);
+ memset(&new_line, 0, sizeof(new_line));
switch (flags){
case (HDLC_FLAG_RXC_RXCPIN | HDLC_FLAG_TXC_TXCPIN): new_line.clock_type = CLOCK_EXT; break;
case (HDLC_FLAG_RXC_BRG | HDLC_FLAG_TXC_BRG): new_line.clock_type = CLOCK_INT; break;
diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c
index 144202eef6fe..53ba8537de8d 100644
--- a/drivers/tty/synclinkmp.c
+++ b/drivers/tty/synclinkmp.c
@@ -1766,6 +1766,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
HDLC_FLAG_TXC_TXCPIN | HDLC_FLAG_TXC_DPLL |
HDLC_FLAG_TXC_BRG | HDLC_FLAG_TXC_RXCPIN);
+ memset(&new_line, 0, sizeof(new_line));
switch (flags){
case (HDLC_FLAG_RXC_RXCPIN | HDLC_FLAG_TXC_TXCPIN): new_line.clock_type = CLOCK_EXT; break;
case (HDLC_FLAG_RXC_BRG | HDLC_FLAG_TXC_BRG): new_line.clock_type = CLOCK_INT; break;