Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-07 21:53:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

wext: fix potential private ioctl memory content leak

Browse Source 
commit df6d02300f upstream.

When a driver doesn't fill the entire buffer, old
heap contents may remain, and if it also doesn't
update the length properly, this old heap content
will be copied back to userspace.

It is very unlikely that this happens in any of
the drivers using private ioctls since it would
show up as junk being reported by iwpriv, but it
seems better to be safe here, so use kzalloc.

Reported-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Johannes Berg 2010-09-17 00:38:25 +02:00 committed by Greg Kroah-Hartman
parent 1aa14af44c
commit 45d787b8a9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/wireless/wext.c
View File

@ -947,7 +947,7 @@ static int ioctl_private_iw_point(struct iw_point *iwp, unsigned int cmd,
} else if (!iwp->pointer)
return -EFAULT;
extra = kmalloc(extra_size, GFP_KERNEL);
extra = kzalloc(extra_size, GFP_KERNEL);
if (!extra)
return -ENOMEM;