scsi: megasas: initialise local configuration data buffer

When reading MegaRAID SAS controller configuration via MegaRAID Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read uses an uninitialised local data buffer. Initialise this buffer to avoid stack information leakage. Reported-by: Li Qiang <[email protected]> Signed-off-by: Prasad J Pandit <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
pfliu · May 29, 2016 · d37af74 · d37af74
1 parent 1b85898
commit d37af74
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
@@ -1293,7 +1293,7 @@ static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
 
 static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
 {
-    uint8_t data[4096];
+    uint8_t data[4096] = { 0 };
     struct mfi_config_data *info;
     int num_pd_disks = 0, array_offset, ld_offset;
     BusChild *kid;