[alsa-devel] [PATCH 1/2] ALSA: info: Avoid leaking kernel memory

Takashi Iwai tiwai at suse.de
Thu Mar 14 07:49:52 CET 2013


At Thu, 14 Mar 2013 07:15:28 +0100,
David Henningsson wrote:
> 
> On 03/13/2013 05:36 PM, Takashi Iwai wrote:
> > Make sure that the allocated buffer for reading the proc file won't
> > expose the uncleared kernel memory.
> 
> This should go to stable too, due to the security implications of 
> leaking possibly sensitive information to userspace?

It's no problem as long as the driver formats the proc output properly
via snd_iprintf(), thus no actual exposure happens in the code we
have for now, AFAIK.

The patch is just to be sure on the ground level.


Takashi

> 
> >
> > Signed-off-by: Takashi Iwai <tiwai at suse.de>
> > ---
> >   sound/core/info.c | 4 ++--
> >   1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/sound/core/info.c b/sound/core/info.c
> > index db308db..58e97b3 100644
> > --- a/sound/core/info.c
> > +++ b/sound/core/info.c
> > @@ -89,7 +89,7 @@ static int resize_info_buffer(struct snd_info_buffer *buffer,
> >   	char *nbuf;
> >
> >   	nsize = PAGE_ALIGN(nsize);
> > -	nbuf = krealloc(buffer->buffer, nsize, GFP_KERNEL);
> > +	nbuf = krealloc(buffer->buffer, nsize, GFP_KERNEL | __GFP_ZERO);
> >   	if (! nbuf)
> >   		return -ENOMEM;
> >
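
Review bot: On the krealloc() line, __GFP_ZERO only clears memory that the allocator newly hands out; when krealloc() can satisfy nsize from the existing object it returns the same pointer and clears nothing, so whether the grown tail is zeroed depends on allocator internals. Consider clearing the tail explicitly after the call succeeds, with a memset() from the previous size up to nsize, so resize_info_buffer() does not rely on how krealloc() treats the flag.
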
> > @@ -353,7 +353,7 @@ static int snd_info_entry_open(struct inode *inode, struct file *file)
> >   				goto __nomem;
> >   			data->rbuffer = buffer;
> >   			buffer->len = PAGE_SIZE;
> > -			buffer->buffer = kmalloc(buffer->len, GFP_KERNEL);
> > +			buffer->buffer = kzalloc(buffer->len, GFP_KERNEL);
> >   			if (buffer->buffer == NULL)
> >   				goto __nomem;
> >   		}
> >
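
Review bot: The kzalloc() for buffer->buffer carries no comment saying why the read buffer must be zeroed, so a later cleanup could switch it back to kmalloc() without noticing the reason. A one-line comment stating that the buffer is read back by userspace and must not carry uncleared memory would preserve the intent. This hunk covers data->rbuffer only; if the same function allocates another buffer, the commit message should say whether it needs the same treatment.
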
> 
> 
> 
> -- 
> David Henningsson, Canonical Ltd.
> https://launchpad.net/~diwic
> 

