diff options
| author |  Tom Rix <trix@redhat.com>
| 2022-04-11 13:47:56 -0400 |
|---|---|---|
| committer |  Martin K. Petersen <martin.petersen@oracle.com>
| 2022-04-18 22:48:31 -0400 |
| commit | faad6cebded8e0fd902b672f220449b93db479eb (patch) | |
| tree | a855e9f107491ca67eac889dab5b70b012910174 /arch/arc/kernel/entry.S | |
| parent | scsi: iscsi: MAINTAINERS: Add Mike Christie as co-maintainer (diff) | |
| download | linux-faad6cebded8e0fd902b672f220449b93db479eb.tar.gz linux-faad6cebded8e0fd902b672f220449b93db479eb.tar.bz2 linux-faad6cebded8e0fd902b672f220449b93db479eb.zip | |
scsi: sr: Do not leak information in ioctl
sr_ioctl.c uses this pattern:
result = sr_do_ioctl(cd, &cgc);
to-user = buffer[];
kfree(buffer);
return result;
Use of a buffer without checking leaks information. Check result and jump
over the use of buffer if there is an error.
result = sr_do_ioctl(cd, &cgc);
if (result)
goto err;
to-user = buffer[];
err:
kfree(buffer);
return result;
Additionally, initialize the buffer to zero.
This problem can be seen in the 2.4.0 kernel.
Link: https://lore.kernel.org/r/20220411174756.2418435-1-trix@redhat.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'arch/arc/kernel/entry.S')
0 files changed, 0 insertions, 0 deletions