summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2014-11-14 12:44:48 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2014-11-14 12:44:48 -0800
commitf720d7df993b2cd62c723f1803bc8330871d478f (patch)
treeb9e7258adc77964f7ec1531926c90cfa78f11447
parent3865efcb14f46a5e01852d30a34b2c0dce076b3e (diff)
parenteaca2d8e75e90a70a63a6695c9f61932609db212 (diff)
downloadlinux-f720d7df993b2cd62c723f1803bc8330871d478f.tar.bz2
Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire fix from Stefan Richter: "IEEE 1394 (FireWire) subsystem fix: The character device file interface for raw 1394 I/O took uninitialized kernel stack as substitute for missing ioctl() argument data. This could partially show up in subsequent read() output" * tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: cdev: prevent kernel stack leaking into ioctl arguments
-rw-r--r--drivers/firewire/core-cdev.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index 5d997a33907e..2a3973a7c441 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client,
_IOC_SIZE(cmd) > sizeof(buffer))
return -ENOTTY;
- if (_IOC_DIR(cmd) == _IOC_READ)
- memset(&buffer, 0, _IOC_SIZE(cmd));
+ memset(&buffer, 0, sizeof(buffer));
if (_IOC_DIR(cmd) & _IOC_WRITE)
if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd)))