Re: [PATCH] usb: iowarrior: fix infoleak in iowarrior_read()

From: Oliver Neukum
Date: Thu Sep 12 2024 - 13:08:02 EST




On 12.09.24 18:34, Jeongjun Park wrote:
The dev->read_queue buffer memory allocated from iowarrior_probe is
allocated in an uninitialized state, and it is possible to copy the
uninitialized memory area to the user buffer through iowarrior_read.

Hi,

I am very sorry, but this is not a proper fix. That this happens
shows that the driver has a bug in iowarrior_read(). Zeroing out
the buffer just papers over it.

Regards
Oliver