From 18da65e7d30a76ab3ca0ccd2b7ca0690f80f28e4 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 1 Nov 2013 13:21:54 +0300 Subject: quota: info leak in quota_getquota() The if_dqblk struct has a 4 byte hole at the end of the struct so uninitialized stack information is leaked to user space. Signed-off-by: Dan Carpenter Signed-off-by: Jan Kara --- fs/quota/quota.c | 1 + 1 file changed, 1 insertion(+) (limited to 'fs/quota/quota.c') diff --git a/fs/quota/quota.c b/fs/quota/quota.c index dea86e8967ee..2b363e23f36e 100644 --- a/fs/quota/quota.c +++ b/fs/quota/quota.c @@ -117,6 +117,7 @@ static int quota_setinfo(struct super_block *sb, int type, void __user *addr) static void copy_to_if_dqblk(struct if_dqblk *dst, struct fs_disk_quota *src) { + memset(dst, 0, sizeof(*dst)); dst->dqb_bhardlimit = src->d_blk_hardlimit; dst->dqb_bsoftlimit = src->d_blk_softlimit; dst->dqb_curspace = src->d_bcount; -- cgit v1.2.3