mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 18:55:12 +00:00
TPM: Zero buffer after copying to userspace
Since the buffer might contain security related data it might be a good idea to zero the buffer after we have copied it to userspace. This got assigned CVE-2011-1162. Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: Stable Kernel <stable@kernel.org> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
6b07d30aca
commit
3321c07ae5
@ -1105,6 +1105,7 @@ ssize_t tpm_read(struct file *file, char __user *buf,
|
||||
{
|
||||
struct tpm_chip *chip = file->private_data;
|
||||
ssize_t ret_size;
|
||||
int rc;
|
||||
|
||||
del_singleshot_timer_sync(&chip->user_read_timer);
|
||||
flush_work_sync(&chip->work);
|
||||
@ -1115,8 +1116,11 @@ ssize_t tpm_read(struct file *file, char __user *buf,
|
||||
ret_size = size;
|
||||
|
||||
mutex_lock(&chip->buffer_mutex);
|
||||
if (copy_to_user(buf, chip->data_buffer, ret_size))
|
||||
rc = copy_to_user(buf, chip->data_buffer, ret_size);
|
||||
memset(chip->data_buffer, 0, ret_size);
|
||||
if (rc)
|
||||
ret_size = -EFAULT;
|
||||
|
||||
mutex_unlock(&chip->buffer_mutex);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user