[PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace

From: Xidong Wang
Date: Tue Jun 09 2020 - 04:41:16 EST

Next message: Christoph Hellwig: "Re: next-0519 on thinkpad x60: sound related? window manager crash"
Previous message: Pali RohÃr: "Re: [PATCH v2 2/3] platform/x86: dell-wmi: add new keymap type 0x0012"
Next in thread: Gal Pressman: "Re: [PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: xidongwang <wangxidong_97@xxxxxxx>

ib_uverbs_create_ah() may copy stack allocated
structs to userspace without initializing all members of these
structs. Clear out this memory to prevent information leaks.

Signed-off-by: xidongwang <wangxidong_97@xxxxxxx>
---
drivers/infiniband/core/uverbs_cmd.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index b48b3f6..04861e6 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2481,6 +2481,7 @@ static int ib_uverbs_create_ah(struct uverbs_attr_bundle *attrs)
uobj->user_handle = cmd.user_handle;
uobj->object = ah;

+ memset(&resp, 0, sizeof(resp));
resp.ah_handle = uobj->id;

ret = uverbs_response(attrs, &resp, sizeof(resp));
--
2.7.4

Next message: Christoph Hellwig: "Re: next-0519 on thinkpad x60: sound related? window manager crash"
Previous message: Pali RohÃr: "Re: [PATCH v2 2/3] platform/x86: dell-wmi: add new keymap type 0x0012"
Next in thread: Gal Pressman: "Re: [PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]