Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a0846f18 authored by Dan Rosenberg's avatar Dan Rosenberg Committed by Greg Kroah-Hartman
Browse files

USB: serial/mos*: prevent reading uninitialized stack memory 



The TIOCGICOUNT device ioctl in both mos7720.c and mos7840.c allows
unprivileged users to read uninitialized stack memory, because the
"reserved" member of the serial_icounter_struct struct declared on the
stack is not altered or zeroed before being copied back to the user.
This patch takes care of it.

Signed-off-by: default avatarDan Rosenberg <dan.j.rosenberg@gmail.com>
Cc: stable <stable@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent fc8f2a76

drivers/usb/serial/mos7720.c

+3 −0
Original line number Diff line number Diff line
@@ -2024,6 +2024,9 @@ static int mos7720_ioctl(struct tty_struct *tty, struct file *file, 


	case TIOCGICOUNT:

		cnow = mos7720_port->icount;



		memset(&icount, 0, sizeof(struct serial_icounter_struct));



		icount.cts = cnow.cts;

		icount.dsr = cnow.dsr;

		icount.rng = cnow.rng;

drivers/usb/serial/mos7840.c

+3 −0
Original line number Diff line number Diff line
@@ -2285,6 +2285,9 @@ static int mos7840_ioctl(struct tty_struct *tty, struct file *file, 
	case TIOCGICOUNT:

		cnow = mos7840_port->icount;

		smp_rmb();



		memset(&icount, 0, sizeof(struct serial_icounter_struct));



		icount.cts = cnow.cts;

		icount.dsr = cnow.dsr;

		icount.rng = cnow.rng;