[PATCH] x86: fix potential memleak in do_error_trap

From: Michal Hocko
Date: Mon May 23 2016 - 09:47:28 EST


do_error_trap defines an on-stack siginfo structure which is then sent down
to do_trap -> force_sig_info without initializing it. __send_signal ->
copy_siginfo will copy the content for later use when the signal is
dequeued. This information might later leak into userspace. Fix it by
clearing the whole siginfo in do_error_trap before sending it to
do_trap.

Signed-off-by: Michal Hocko <mhocko@xxxxxxxx>
---
arch/x86/kernel/traps.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index d1590486204a..945b4dfc02e6 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -271,6 +271,7 @@ static void do_error_trap(struct pt_regs *regs, long error_code, char *str,

if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) !=
NOTIFY_STOP) {
+ memset(&info, 0, sizeof(info));
cond_local_irq_enable(regs);
do_trap(trapnr, signr, str, regs, error_code,
fill_trap_info(regs, signr, trapnr, &info));
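Review bot: the memset is placed at one call site, but the routine that actually populates the structure is fill_trap_info(regs, signr, trapnr, &info) on the line below it, so any other caller of fill_trap_info that passes an uninitialized on-stack siginfo would still have the same uninitialized-padding problem this hunk fixes here; consider zeroing the structure inside fill_trap_info (or initializing info at its declaration, which is outside this hunk) so the fix covers every path that hands a siginfo to do_trap, rather than only this branch of do_error_trap. Please also note in the commit message which fields fill_trap_info leaves untouched, since that is what makes the whole-struct clear necessary.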
--
2.8.1

--
Michal Hocko
SUSE Labs