Skip to content

Commit

Permalink
ALSA: asihpi: fix kernel memory disclosure
Browse files Browse the repository at this point in the history
Some elements in hr are not cleared before being copied to user space,
leaking kernel heap memory to user space. For example, this happens in
the error handling code for the HPI_ADAPTER_DELETE case. Zero the memory
before it's copied.

Signed-off-by: Vlad Tsyrklevich <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
  • Loading branch information
vlad902 authored and tiwai committed Oct 18, 2016
1 parent f771d5b commit d69bb92
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion sound/pci/asihpi/hpioctl.c
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
return -EINVAL;

hm = kmalloc(sizeof(*hm), GFP_KERNEL);
hr = kmalloc(sizeof(*hr), GFP_KERNEL);
hr = kzalloc(sizeof(*hr), GFP_KERNEL);
if (!hm || !hr) {
err = -ENOMEM;
goto out;
Expand Down

0 comments on commit d69bb92

Please sign in to comment.