From: Dan Rosenberg <drosenberg@vsecurity.com>
Date: Wed, 15 Sep 2010 11:43:28 +0000 (+0000)
Subject: drivers/net/usb/hso.c: prevent reading uninitialized memory
X-Git-Tag: v2.6.36-rc5~12^2~7
X-Git-Url: https://bbs.cooldavid.org/git/?p=net-next-2.6.git;a=commitdiff_plain;h=7011e660938fc44ed86319c18a5954e95a82ab3e

drivers/net/usb/hso.c: prevent reading uninitialized memory

Fixed formatting (tabs and line breaks).

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack in hso_get_count()
is not altered or zeroed before being copied back to the user.  This
patch takes care of it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
index 6efca66b876..1cd752f9a6e 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -1652,6 +1652,8 @@ static int hso_get_count(struct hso_serial *serial,
 	struct uart_icount cnow;
 	struct hso_tiocmget  *tiocmget = serial->tiocmget;
 
+	memset(&icount, 0, sizeof(struct serial_icounter_struct));
+
 	if (!tiocmget)
 		 return -ENOENT;
 	spin_lock_irq(&serial->serial_lock);