kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   b93aa821e7713b72d00e83e113719d078fcc69d0
  2.   patches.suse
  3.   ACPI-pfr_telemetry-Fix-info-leak-in-pfrt_log_ioctl.patch
Blob Blame History Raw 
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 7 Jan 2022 10:34:07 +0300
Subject: ACPI: pfr_telemetry: Fix info leak in pfrt_log_ioctl()
Patch-mainline: v5.17-rc1
Git-commit: 7bf2e4d5ca1c94a9b0f730498b3d01768a72dcbd
References: jsc#PED-1408

The "data_info" struct is copied to the user.  It has a 4 byte struct
hole after the last struct member so we need to memset that to avoid
copying uninitialized stack data to the user.

Fixes: b0013e037a8b ("ACPI: Introduce Platform Firmware Runtime Telemetry driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
 drivers/acpi/pfr_telemetry.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/acpi/pfr_telemetry.c
+++ b/drivers/acpi/pfr_telemetry.c
@@ -83,6 +83,7 @@ static int get_pfrt_log_data_info(struct
 	union acpi_object *out_obj, in_obj, in_buf;
 	int ret = -EBUSY;
 
+	memset(data_info, 0, sizeof(*data_info));
 	memset(&in_obj, 0, sizeof(in_obj));
 	memset(&in_buf, 0, sizeof(in_buf));
 	in_obj.type = ACPI_TYPE_PACKAGE;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.