Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit f720d7df993b2cd62c723f1803bc8330871d478f

Authored by Linus Torvalds
2 parents 3865efcb14 eaca2d8e75
Exists in ti-lsk-linux-4.1.y and in 10 other branches dlt-processor-sdk-linux-03.00.00.04, processor-sdk-linux-02.00.01, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04

Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 

Pull firewire fix from Stefan Richter:
 "IEEE 1394 (FireWire) subsystem fix: The character device file
  interface for raw 1394 I/O took uninitialized kernel stack as
  substitute for missing ioctl() argument data.  This could partially
  show up in subsequent read() output"

* tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
  firewire: cdev: prevent kernel stack leaking into ioctl arguments

Showing 1 changed file Side-by-side Diff

drivers/firewire/core-cdev.c
Diff comments   View file @ f720d7d
... ... @@ -1637,8 +1637,7 @@
1637 1637 _IOC_SIZE(cmd) > sizeof(buffer))
1638 1638 return -ENOTTY;
1639 1639  
1640   - if (_IOC_DIR(cmd) == _IOC_READ)
1641   - memset(&buffer, 0, _IOC_SIZE(cmd));
  1640 + memset(&buffer, 0, sizeof(buffer));
1642 1641  
1643 1642 if (_IOC_DIR(cmd) & _IOC_WRITE)
1644 1643 if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd)))