Skip to content

Commit

Permalink
agp: info leak in agpioc_info_wrap()
Browse files Browse the repository at this point in the history 
On 64 bit systems the agp_info struct has a 4 byte hole between
->agp_mode and ->aper_base.  We need to clear it to avoid disclosing
stack information to userspace.

Signed-off-by: Dan Carpenter <[email protected]>
Cc: David Airlie <[email protected]>
Cc: Daniel Vetter <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
@torvalds
Dan Carpenter authored and torvalds committed May 6, 2014
1 parent d353efd commit 3ca9e5d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions drivers/char/agp/frontend.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -730,6 +730,7 @@ static int agpioc_info_wrap(struct agp_file_private *priv, void __user *arg)

agp_copy_info(agp_bridge, &kerninfo);

memset(&userinfo, 0, sizeof(userinfo));
userinfo.version.major = kerninfo.version.major;
userinfo.version.minor = kerninfo.version.minor;
userinfo.bridge_id = kerninfo.device->vendor |
Expand Down

0 comments on commit 3ca9e5d

Please sign in to comment.