drivers/char/ppdev.c: fix information leak to userland

Structure par_timeout is copied to userland with some padding fields unitialized. Field tv_usec has type __kernel_suseconds_t, it differs from tv_sec's type on some architectures. It leads to leaking of stack memory. Signed-off-by: Vasiliy Kulikov <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
yshchan · Oct 28, 2010 · b9b1134 · b9b1134
1 parent 19714a8
commit b9b1134
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
@@ -613,6 +613,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 
 	case PPGETTIME:
 		to_jiffies = pp->pdev->timeout;
+		memset(&par_timeout, 0, sizeof(par_timeout));
 		par_timeout.tv_sec = to_jiffies / HZ;
 		par_timeout.tv_usec = (to_jiffies % (long)HZ) * (1000000/HZ);
 		if (copy_to_user (argp, &par_timeout, sizeof(struct timeval)))