char/tpm: Fix unitialized usage of data buffer

This patch fixes information leakage to the userspace by initializing the data buffer to zero. Reported-by: Peter Huewe <[email protected]> Signed-off-by: Peter Huewe <[email protected]> Signed-off-by: Marcel Selhorst <[email protected]> [ Also removed the silly "* sizeof(u8)". If that isn't 1, we have way deeper problems than a simple multiplication can fix. - Linus ] Signed-off-by: Linus Torvalds <[email protected]>
paperplane · Mar 29, 2011 · 1309d7a · 1309d7a
1 parent 0444d76
commit 1309d7a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
@@ -980,7 +980,7 @@ int tpm_open(struct inode *inode, struct file *file)
 		return -EBUSY;
 	}
 
-	chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL);
+	chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL);
 	if (chip->data_buffer == NULL) {
 		clear_bit(0, &chip->is_open);
 		put_device(chip->dev);