Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eecb2629 authored by Dan Carpenter's avatar Dan Carpenter Committed by Greg Kroah-Hartman
Browse files

staging: dgrp: info leak in dgrp_dpa_ioctl() 



If "nd->nd_vpd_len" is less than 512 then the last part of the
"vpd.vpd_data" has uninitialized stack information.  We need to clear it
before copying the buffer to user space.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a4b47eea

drivers/staging/dgrp/dgrp_dpa_ops.c

+1 −0
Original line number Diff line number Diff line
@@ -432,6 +432,7 @@ static long dgrp_dpa_ioctl(struct file *file, unsigned int cmd, 




	case DIGI_GETVPD:

		memset(&vpd, 0, sizeof(vpd));

		if (nd->nd_vpd_len > 0) {

			vpd.vpd_len = nd->nd_vpd_len;

			memcpy(&vpd.vpd_data, &nd->nd_vpd, nd->nd_vpd_len);