Re: [PATCH] usb: iowarrior: fix infoleak in iowarrior_read()

From: Oliver Neukum
Date: Thu Sep 12 2024 - 13:08:02 EST

Next message: nerdopolis: "Re: VT-less kernels, and /dev/console on x86"
Previous message: Jesper Dangaard Brouer: "[PATCH V11] cgroup/rstat: Avoid flushing if there is an ongoing root flush"
In reply to: Jeongjun Park: "[PATCH] usb: iowarrior: fix infoleak in iowarrior_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12.09.24 18:34, Jeongjun Park wrote:

The dev->read_queue buffer memory allocated from iowarrior_probe is
allocated in an uninitialized state, and it is possible to copy the
uninitialized memory area to the user buffer through iowarrior_read.

Hi,

I am very sorry, but this is not a proper fix. That this happens
shows that the driver has a bug in iowarrior_read(). Zeroing out
the buffer just papers over it.

Regards
Oliver

Next message: nerdopolis: "Re: VT-less kernels, and /dev/console on x86"
Previous message: Jesper Dangaard Brouer: "[PATCH V11] cgroup/rstat: Avoid flushing if there is an ongoing root flush"
In reply to: Jeongjun Park: "[PATCH] usb: iowarrior: fix infoleak in iowarrior_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]